Hello.
I would like to ask you a question about the Mikrotik CRS125, in that I have two IPSECS settings for the same SA Dst. Address. I can get only one of them established and the other one I can not.
Here you can see my config file:
The one which stabilishs is the 10.50
-----
;;;Rede 171 - OK
src-address=192.168.13.0/24 src-port=any dst-address=171.0.0.0/8 dst-port=any protocol=all action=encrypt level=unique ipsec-protocols=esp tunnel=yes sa-src-address=aaa.aaa.aaa.aaa sa-dst-address=yyy.yyy.yyy.yyy proposal=client - Phase2 priority=0
----
;;;Rede 10.50 - OK
src-address=192.168.12.0/24 src-port=any dst-address=10.52.0.0/16 dst-port=any protocol=all action=encrypt level=unique ipsec-protocols=esp tunnel=yes sa-src-address=bbb.bbb.bbb.bbb sa-dst-address=yyy.yyy.yyy.yyy proposal=client - Phase2 priority=0
-----
;;;IKE Phase 1
address=yyy.yyy.yyy.yyy local-address=0.0.0.0 passive=no port=500 auth-method=pre-shared-key secret="passwd" generate-policy=no policy-template-group=default exchange-mode=main send-initial-contact=yes nat-traversal=no proposal-check=strict hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 lifetime=1d8h lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
-----
name="client - Phase2" auth-algorithms=md5 enc-algorithms=3des lifetime=8h pfs-group=modp1024
Route
Rede 10.52 - Site-to-site
yyy.yyy.yyy.yyy/yy bbb.bbb.bbb.bb 1
Rede 171 - Site-to-site
yyy.yyy.yyy.yyy aaa.aaa.aaa.aaa 1