I have a MikroTik CCR2004 (RouterOS 7.22) with one physical interface connected to my regular network. The device's only function is to set up an IPsec tunnel to a remote network. The routing tables on the router in my normal network are fine; the traffic is coming in on the MikroTik, but it's not coming into the tunnel. With some logging rules, we see that it does get to pre-routing but not into the tunnel afterwards.
Thanks for the quick responses. Unfortunately, the problem is a bit more complicated. I have, of course, already tried everything necessary. The tunnel itself is up, and if I create a (virtual) interface on the MikroTik itself, it works fine. The MikroTik is connected to the network via a single interface, and that interface is used both for the IPsec tunnel and as the gateway through which the tunneling traffic enters. Because IPsec does not work with a virtual interface but with policy-based routing, this is apparently a problem. Now the question: how is this usually resolved?
Unfortunately, for security reasons, I cannot share configurations.
Recreate a configuration similar to yours, but with different IPs, MACs, etc., in GNS3 on a CHR.
Check that it doesn't work in the same way as your highly secret one.
Post the CHR GNS3 config.