What if I need two incoming ipsec connection from two peers having each a dynamic ip address and different services ?
i.e. a roadwarrior L2TP client and a GRE over IPsec tunnel from a dynamic source each with different encryption method ?
Thanks
Pardon…
Just realized GRE tunnel has its own IPSEc section to generate a relatd policy…great
Anyway, what if different encription method are asked from dynamic peers ?
It is possible to add multiple peers with different exchange and encryption algorithms.
Do you mean multiple 0.0.0.0/0 peers with different encryption algorithm, ipsec secret etc ???
yes
Could you please elaborate on how to set multiple peers with same IP address (0.0.0.0/0)?
I set up two configurations with different encryptions (aes-192, sha1 and aes-256, sha256) and different proposals (same), but from the debug logs I can see one is arbitrary chosen and fails if thats the wrong peer configuration.
Thanks
As it is written in the manual peers are selected by and exchange type.
So you can add to peers with 0.0.0.0/0 and different exchange modes.
You are correct. the documentation is missleading
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Peer_configuration
It says:
It means that you can configure multiple ipsec peers with the same address but different exchange modes > or encryption methods. >
But it seems like only exchange modes work (I was able to set up two dynamic 0.0.0.0/0 configurations with IKEv1 and IKEv2)