I'm trying to create a site-to-site IPSEC VPN tunnel between two sites, and pass LAN and Internet traffic from Site2 to Site1. The configuration is working; the tunnel is being created, and all traffic is passed, but several issues are occurring with the Mikrotik when the IPSEC policy has dst-address=0.0.0.0/0.
Configuration:
- Site1: Cyberoam v10.6 with LAN 192.168.0.0/24
- Site2: Mikrotik v6.41.4 with LAN 192.168.1.0/24
- NAT is not being used, because there is a route between the two sites
- IPSEC Policy on Mikrotik: src-address=192.168.1.0/24 dst-address=0.0.0.0/0
- IPSEC Policy on Cyberoam: src-address=0.0.0.0/0 dst-address=192.168.1.0/24
Issues:
- Some TCP traffic is getting "lost", and other traffic is getting a TCP RST flag after some time (the weird part is that the TCP handshake is always completing without any issues)
- Can't access the WebFig from the Mikrotik LAN side
- Can't access a web page located at the Mikrotik site (Site2) from Site1

Any kind of help, insight, or alternative configuration for a site-to-site VPN that passes Internet traffic will be appreciated.