Hi
I have an issue using IPsec in tunnel mode.
The tunnel is between a Juniper and a MikroTik CCR 1009
ROS 6.20
I am only using a VPN between 2 sites, but I will need to use it over 4 sites, and each has 1-4 subnets.
I have the following policies defined:
/ip ipsec policy
add dst-address=10.1.20.0/24 proposal=TS_Old_Office sa-dst-address=x.x.x.x sa-src-address=109.166.242.178 src-address=192.168.2.0/24 tunnel=yes
add dst-address=10.1.20.0/24 proposal=TS_Old_Office sa-dst-address=y.y.y.y sa-src-address=109.166.242.178 src-address=10.1.254.0/27 tunnel=yes
The nat rules:
/ip firewall nat
add chain=srcnat dst-address=10.1.20.0/24 src-address=192.168.2.0/24
add chain=srcnat dst-address=10.1.20.0/24 src-address=10.1.254.0/27
Still only one is working at one time. If the 192.168.2.0/24 replies from 10.1.20.x, then 10.1.254.0 will no longer work.
Does anyone know how this can be fixed? On the Juniper I have a proxy ID for it.
Nobody used IPsec tunnel mode between multiple offices?