I have two sites, each of them with a LAN behind NAT, and each of them using a different ISP.
I'm trying to set up a Dual WAN IPsec failover, but the IPsec policy keeps giving me trouble.
Site1 is like this:
ISP0 public IP 126.96.36.199
Site2 is like this:
ISP1 public IP 188.8.131.52 (this is the main link)
ISP2 public IP 184.108.40.206
I already have ISP failover working on Site2, using a combination of default route cost and some scripts that check for some external servers on ISP1, so when the Mikrotik router can't see those servers it basically changes the distance on the default route and moves the outgoing traffic to ISP2.
Now, the problem is that I need an IPsec tunnel between the two sites (so the two LANs see each other) and I need it redundant on Site2.
I can make it work with ISP1 or ISP2 separately, but in order to have them both, I need to have two IPsec policies involving the two peers and the LAN, on both Site1 and Site2.
I realize that one of the IPsec policies disables itself when both involve the same Src Address and Dst Address (it turns red). So I created scripts on Site2 so that when ISP1 goes down, it disables the IPsec policy that I don't need and enables the other, and vice versa.
The problem is that on Site1 I'm having the same issue (I need two IPsec policies so I can hook up with either ISP1 or ISP2 on Site2), and one of them turns red; the only way to make it work is to manually enable/disable the one you don't need.
I cannot find a way to make a script that does that automatically, or a way to make this thing work with Dual WAN.
I wonder if anybody has had this issue.
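The following is an added example of the policy-toggling approach described in this post, written for the Site1 side; it is not the poster's own script. It assumes RouterOS v6 scripting syntax, that the two Site1 policies carry the comments vpn-to-site2-isp1 and vpn-to-site2-isp2 (placeholders), that the Site1 WAN interface is called ether1-isp0 (placeholder), and that reachability of Site2's ISP1 public address 188.8.131.52 (taken from the post) is an acceptable proxy for Site2 still being on its main link. The active policy is always disabled before the other is enabled, so the two policies with identical src/dst are never enabled at the same time, which is what makes one of them go red.

```routeros
# Added example, not from the original post. RouterOS v6 syntax assumed.
# Run periodically from /system scheduler (e.g. every 30s), see note below.

# Site2 ISP1 public IP (from the post) used as the reachability check target
:local peerPrimary "188.8.131.52"
# Site1 WAN interface name (assumed placeholder)
:local wanIf "ether1-isp0"
# Comments on the two Site1 IPsec policies (assumed placeholders)
:local polPrimary "vpn-to-site2-isp1"
:local polBackup "vpn-to-site2-isp2"

# Number of replies out of 3 probes sent out of the Site1 WAN interface
:local replies [/ping $peerPrimary count=3 interface=$wanIf]
# Current state: is the primary policy disabled right now?
:local primaryDisabled [/ip ipsec policy get [find comment=$polPrimary] disabled]

:if ($replies = 0) do={
    # Peer's main link unreachable: switch to the backup policy, but only
    # if we are not already on it (avoids needless SA churn and log spam)
    :if ($primaryDisabled = false) do={
        /ip ipsec policy set [find comment=$polPrimary] disabled=yes
        /ip ipsec policy set [find comment=$polBackup] disabled=no
        :log warning ("ipsec-failover: " . $peerPrimary . " unreachable, backup policy enabled")
    }
} else={
    # Peer's main link reachable again: fall back to the primary policy
    :if ($primaryDisabled = true) do={
        /ip ipsec policy set [find comment=$polBackup] disabled=yes
        /ip ipsec policy set [find comment=$polPrimary] disabled=no
        :log warning ("ipsec-failover: " . $peerPrimary . " reachable, primary policy restored")
    }
}
```

Store it as a script (for example /system script add name=ipsec-failover source=...) and schedule it with /system scheduler add name=ipsec-failover interval=30s on-event=ipsec-failover. Two caveats: a single unanswered probe set will flip the policies, so a shorter interval or a failure counter may be needed to avoid flapping on lossy links; and because Site1 only infers Site2's state from the reachability of its ISP1 address, the two sites will only agree if Site2's own failover trigger correlates with that address becoming unreachable from Site1.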