IPSEC Policy: how to use a range instead of a network address?

Mon Oct 03, 2016 5:23 pm


I need to connect to an IPSEC Concentrator (Zywall USG) and route all together.

The subnet on the Mikrotik side is

On the Zywall side there are :
- 2 local subnets : and
- 12 remote subnets :,,, ......

Using a Zywall, things are easy, on IPsec policy I set, source address :, destination address : -
But I cannot enter a range as dst. address policy with the Mikrotik. I have tried to set as destination, but Mikrotik crashed (I guess why).

Is there a way to avoid making 14 policies, one for each subnet?
Or set as destination and a firewall rule to prevent the local subnet from being routed to the concentrator?

In the future, I would love to replace all the Zywalls with Mikrotik routers, including the Concentrator. Any advice on how to do that?

Thank you in advance!

