I have a MikroTik router on the server side with a static public IP. The other side has a dynamic public IP and is an EdgeRouter.
The traffic between clients works if I create an IPsec policy with SA Src. Address and SA Dst. Address.
Because the remote side has a dynamic IP, I would like to have a dynamic policy, so that there is no need to change the SA Dst. Address. I created a template policy with 0.0.0.0 as the SA Dst. Address. IPsec is established, but there is no traffic between them.
How can I correctly set up the IPsec and the policy template? Or is there some other configuration if the remote peer has a dynamic IP?
Here is my setup:
/ip ipsec> policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active,
* - default
0 TX* group=default src-address=::/0 dst-address=::/0 protocol=all
proposal=default template=yes
1 T ;;; VPN1
group=grp-VPN1 src-address=10.99.9.0/24 dst-address=192.168.254.0/24
protocol=all proposal=VPN1 template=yes
/ip ipsec> peer print
Flags: X - disabled, D - dynamic, R - responder
0 ;;; VPN1
address=ddns.domain.net profile=VPN1
auth-method=pre-shared-key secret="XXXX"
generate-policy=port-strict policy-template-group=grp-VPN1
exchange-mode=ike2 send-initial-contact=no