mbeauverd
just joined
Topic Author

IPSEC Policy: how to use a range instead of a network address?

Mon Oct 03, 2016 5:23 pm

Hello,

I need to connect to an IPSEC Concentrator (Zywall USG) and route all together.

The subnet on the Mikrotik side is 172.20.25.0/24

On the Zywall side there are:
- 2 local subnets: 172.20.0.0/24 and 172.20.1.0/24
- 12 remote subnets: 172.20.5.0/24, 172.20.10.0/24, 172.20.30.0/24, 172.20.31.0/24 ...

Using a Zywall, things are easy: on the IPsec policy I set source address 172.20.25.0/24 and destination address 172.20.0.0 - 172.20.80.254.
But I cannot enter a range as the dst. address of a policy on the Mikrotik. I have tried to set 172.20.0.0/16 as destination, but the Mikrotik crashed (I guess why).

Is there a way to avoid making 14 policies, one for each subnet?
Or to set 172.20.0.0/16 as destination and use a firewall rule to keep the local subnet from being routed to the concentrator?

In the future, I would love to replace all the Zywalls with Mikrotik routers, including the Concentrator. Any advice on how to do that?

Thank you in advance!
Marc
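
The address arithmetic behind the question, as an added example that is not part of the original post and is not MikroTik or Zywall configuration: Python's standard `ipaddress` module shows how the range from the post breaks down into CIDR prefixes, and which prefixes remain when 172.20.0.0/16 has the local 172.20.25.0/24 carved out. The function names are hypothetical; the addresses are the ones quoted in the post.

```python
import ipaddress

# Values taken from the post above.
LOCAL_SUBNET = ipaddress.ip_network("172.20.25.0/24")   # MikroTik side
RANGE_FIRST = ipaddress.ip_address("172.20.0.0")        # start of the Zywall range
RANGE_LAST = ipaddress.ip_address("172.20.80.254")      # end of the Zywall range
SUPERNET = ipaddress.ip_network("172.20.0.0/16")


def range_to_prefixes(first, last):
    """Smallest list of CIDR prefixes that covers exactly first..last."""
    return list(ipaddress.summarize_address_range(first, last))


def round_up_to_subnet_end(addr, prefixlen=24):
    """Last address of the /prefixlen network that contains addr."""
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    return net.broadcast_address


def supernet_without(supernet, excluded):
    """Prefixes covering supernet minus excluded, sorted by address."""
    return sorted(supernet.address_exclude(excluded))


def covers_local(prefixes, local=LOCAL_SUBNET):
    """True if any destination prefix overlaps the local subnet."""
    return any(p.overlaps(local) for p in prefixes)


if __name__ == "__main__":
    candidates = (
        ("exact range", range_to_prefixes(RANGE_FIRST, RANGE_LAST)),
        ("range rounded to /24",
         range_to_prefixes(RANGE_FIRST, round_up_to_subnet_end(RANGE_LAST))),
        ("/16 minus local subnet", supernet_without(SUPERNET, LOCAL_SUBNET)),
    )
    for label, nets in candidates:
        print(f"{label}: {len(nets)} prefixes, "
              f"overlaps local subnet: {covers_local(nets)}")
        for net in nets:
            print("   ", net)
```

Both range-based sets still contain 172.20.25.0/24 as a destination, while the carved-out /16 needs eight prefixes and never selects the local subnet.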
