Hello,
I’m trying to configure these tunnels:
Tunnel1: 10.0.0.0/24 → 10.20.0.0/24
Tunnel2: 10.0.0.0/24 → 10.20.0.32/28
Tunnel1 always works, but I get no traffic through Tunnel2. The SA for Tunnel2 does get established, but the byte counts stay at 0.
How should I set this up on Mikrotik?
Thanks!
stmx38
July 2, 2012, 12:04pm
I had an issue with same setup on RB1200 and Cisco ASA 5510.
Forgot to mention, I’m using Mikrotik on both ends, RB1000 and 450G.
For Cisco I’ve read that the policy has to be set as “unique” instead of “require”.
10.20.0.32/28 is covered by 10.20.0.0/24, so if you haven’t added a priority, the first one created wins.
Hello!
I’ve tried using a higher priority (for example 100, 1000, 9999…) for 10.20.0.32/28, but it still doesn’t work.
Thanks for the tip!
Thank you for the help. It works!
Glad to hear that, slech
I’ve managed to get it done by:
Defining two IPsec policies, one for each needed tunnel:
Tunnel1: 10.0.0.0/24 → 10.20.0.0/24
Tunnel2: 10.0.0.0/24 → 10.20.0.32/28
Setting them as “unique” instead of “required”.
Setting the priority for Tunnel2: 10.0.0.0/24 → 10.20.0.32/28 quite higher than that for Tunnel1:
Tunnel1, priority 0
Tunnel2, priority 200
It hasn’t worked for me using smaller priority differentials, say priorities 0 and 1.
Lastly, change that crappy DSL router for another model which allows IP Protocol 50 (ESP) passthrough and not just UDP 500 DNAT’ing.
Hope this helps!
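As an added illustration (not code from this thread, and not RouterOS's own implementation), the following Python model reproduces the policy-selection behaviour the replies describe: when two policies overlap and carry the same priority, the first one created wins, so the /24 swallows all traffic meant for the /28 and the second SA stays at 0 bytes; giving the more specific policy a higher priority fixes the selection. The `lint_policies` check flags the two problems the thread identifies for overlapping selectors (equal priority, and a level other than "unique"). The names `Policy`, `make_policy`, `select_policy` and `lint_policies` are assumptions for this model; the model treats any larger priority as winning and does not reproduce the poster's observation that a difference of 0 vs 1 was not enough.

```python
"""Model of how overlapping IPsec policies are chosen for outgoing traffic.

Constructed illustration of the behaviour described in the thread; it is not
RouterOS code. Selection rule modelled: highest priority wins, and on equal
priority the earliest created policy wins ("the first one created wins").
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    level: str = "require"   # policy level as in the thread: "require" or "unique"
    priority: int = 0        # larger value wins, as in the working setup above
    order: int = 0           # creation order; tie-breaker when priorities are equal


def make_policy(name, src, dst, level="require", priority=0, order=0):
    """Build a Policy from CIDR strings (assumed helper for this model)."""
    return Policy(name, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                  level, priority, order)


def select_policy(policies, src_ip, dst_ip):
    """Return the policy that would carry a packet from src_ip to dst_ip, or None."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    matches = [p for p in policies if s in p.src and d in p.dst]
    if not matches:
        return None
    # Highest priority first; on a tie, the earliest created policy wins.
    return min(matches, key=lambda p: (-p.priority, p.order))


def lint_policies(policies):
    """Return warnings for the two misconfigurations the thread describes.

    Only pairs whose source AND destination selectors overlap are examined.
    """
    warnings = []
    for i, a in enumerate(policies):
        for b in policies[i + 1:]:
            if not (a.src.overlaps(b.src) and a.dst.overlaps(b.dst)):
                continue
            if a.priority == b.priority:
                first = a if a.order < b.order else b
                warnings.append(f"{a.name}/{b.name} overlap with equal priority; "
                                f"{first.name} (created first) always wins")
            for p in (a, b):
                if p.level != "unique":
                    warnings.append(f"{p.name} overlaps another policy but its "
                                    f"level is '{p.level}'; set level to unique")
    return warnings


def broken_setup():
    """The original poster's situation: no priority, default level."""
    return [
        make_policy("Tunnel1", "10.0.0.0/24", "10.20.0.0/24", order=1),
        make_policy("Tunnel2", "10.0.0.0/24", "10.20.0.32/28", order=2),
    ]


def working_setup():
    """The fix from the thread: level unique, Tunnel2 priority 200 vs 0."""
    return [
        make_policy("Tunnel1", "10.0.0.0/24", "10.20.0.0/24",
                    level="unique", priority=0, order=1),
        make_policy("Tunnel2", "10.0.0.0/24", "10.20.0.32/28",
                    level="unique", priority=200, order=2),
    ]


if __name__ == "__main__":
    # Constructed sample flow: a host in 10.0.0.0/24 talking to a host in the /28.
    for label, pols in (("broken", broken_setup()), ("working", working_setup())):
        chosen = select_policy(pols, "10.0.0.10", "10.20.0.40")
        print(f"{label}: 10.0.0.10 -> 10.20.0.40 uses {chosen.name}")
        for w in lint_policies(pols):
            print("  warning:", w)
```

Running the block shows the broken setup sending 10.0.0.10 → 10.20.0.40 through Tunnel1 (which is why Tunnel2's SA counters never move) and the working setup sending it through Tunnel2, with traffic to the rest of the /24 still using Tunnel1.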