I'm struggling to get site-to-site IPsec configured between two sites. Both the RB2011UiAS's are behind WAN routers (TP-Link(ADSL) and Ubiquity (WIFI)) in a DMZ configuration.
I followed the Mikrotik Manual, including the NAT'ing parts. It seems that the both the RBs are communicating and I can see the remote peer connections, but not getting any pings from either local networks through.
I'm not sure about the gateway config in the manual, it's points to publicIP.254. I assume that the below should be ok?
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 2.............(WAN router)
1 ADC 192.168.1.0/24 192.168.1.2 ether1-gateway 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0
Would appreciate any thoughts.