Hi all
I have RB450G and try to setup IPSec VPN to D-Link DFL-800 router. But it isn't working

My D-Link DFL-800 IPsec settings:

Local Network: 192.168.99.0/24
Remote Network: 192.168.65.0/24
Remote Endpoint: 2.2.2.2 (wan ip of RB450G)
Encapsulation mode: tunnel
IKE Algorithms: High (3DES, AES, Blowfish, MD5, SHA1)
IKE Lifetime: 28800 seconds
IPsec Algorithms: High (3DES, AES, Blowfish, MD5, SHA1)
IPsec Lifetime: 3600 seconds
IPsec Lifetime:_ kilobytes

Authentication: Pre-shared key: *****
IKE XAuth: Off

IKE: Main DH Group: 2
PFS: disabled

RB450G settings:

IPSec

Peer:
Address: 1.1.1.1 (wan ip of D-Link)
Port: 500
Auth. method: pre-shared key
Secret:*****
Exchange mode: main
Proposal check: obey
Hash algorithm: md5
Encryption alg: 3des
DH Group: modp1024
Lifetime: 08:00:00
DPD Interval: 0

IPSec Policy:
Src Address:192.168.65.0/24
Dst. Address: 192.168.99.0/24
Protocol: 255 (all)

Action: encrypt
Level: require
IPsec protocol: ah&esp
Tunnel: on
SA Src. Address: 2.2.2.2
SA Dst. Address: 1.1.1.1
Proposal: default

Proposal:
Name: default
Auth. Algorithms: sha1
Encr. Algorithms: 3des
Lifetime: 01:00:00
PFS Group: none

What is wrong?

With some experiments I find out that D-link need enabled aes-128 at proposal. IPSec to one network (behind D-Link) starts to working but I need to make IPSec with multiple subnets (behind D-Link).
I add additional policies with other dest. addresses like in Class Video - Mikrotik VPN (http://gregsowell.com/?p=1290) but IPSec uses only one of them (nearest to D-Link).
I have checked “Generate policies” but it did not help.
What can I do any more?