Hello!
We have the following configuration:
Site1 (Mikrotik): LAN 192.168.10.0/24
Site2 (Juniper): LAN 192.168.11.0/24, LAN2 172.16.1.0/24
There is a policy-based IPsec tunnel between Site1 and Site2 with src and dst LANs 192.168.10.0 and 192.168.11.0. Recently LAN2 on Site2 was added.
Is it possible to configure the Mikrotik to access Site2's LAN2 from Site1 through the IPsec tunnel?
Thank you.
It is, but you will need to update the configuration on both Mikrotik and Juniper.
You need to add another policy to cover communication between 192.168.10.0/24 (site 1 if I understood you correctly) and 172.16.1.0/24 (lan2 on site 2) networks.
I see 2 variants:
A) A separate policy for each pair of source and destination networks, as written above. I had this a long time ago and stopped using it when the number of remote offices exceeded three and the number of networks exceeded ten %)
B) Use IPsec over another tunnel, for example GRE+IPsec. In such a case you can use the usual routing. Much easier for maintenance. And the possibility to run OSPF-like protocols over such tunnels.
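
An added example, not part of the thread: a Python check for the per-pair policy approach described in the replies. It lists which subnet pairs still lack a policy and tests whether a given packet matches any traffic selector. The function names are hypothetical; the subnets are the ones from the question, and the extra subnets in the test are constructed.

```python
# Added example (not from the thread): audit policy-based IPsec traffic selectors.
from ipaddress import ip_address, ip_network
from itertools import product

# Subnets taken from the question.
SITE1_LANS = [ip_network("192.168.10.0/24")]
SITE2_LANS = [ip_network("192.168.11.0/24"), ip_network("172.16.1.0/24")]

# The only policy in place before LAN2 was added: (src selector, dst selector).
EXISTING = [(ip_network("192.168.10.0/24"), ip_network("192.168.11.0/24"))]


def required_pairs(local_lans, remote_lans):
    """Variant A: one policy per (local subnet, remote subnet) pair."""
    return list(product(local_lans, remote_lans))


def covered(pair, policies):
    """A pair is covered when one policy's selectors contain both subnets."""
    src, dst = pair
    return any(src.subnet_of(p_src) and dst.subnet_of(p_dst)
               for p_src, p_dst in policies)


def missing_policies(local_lans, remote_lans, policies):
    """Subnet pairs that no configured policy covers."""
    return [pair for pair in required_pairs(local_lans, remote_lans)
            if not covered(pair, policies)]


def is_protected(src_ip, dst_ip, policies):
    """True when a packet matches a policy and would enter the tunnel."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    return any(src in p_src and dst in p_dst for p_src, p_dst in policies)


if __name__ == "__main__":
    for src, dst in missing_policies(SITE1_LANS, SITE2_LANS, EXISTING):
        print(f"missing policy: {src} -> {dst}")
    # A constructed Site1 host talking to a constructed LAN2 host.
    print("protected:", is_protected("192.168.10.5", "172.16.1.20", EXISTING))
```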