Hopefully someone can enlighten me.
We have 3 branches: head office, branch A and branch B.
Head office 192.168.0.0/23
Branch A 192.168.2.0/24
Branch B 192.168.3.0/24
All three branches used to be on an MPLS network with a central ISP breakout. We have moved head office, which uses a pfSense gateway, to a different ISP. Both branches require access to the head office LAN. The branches are using MikroTik RB2011s. I have successfully established the IPsec tunnel between head office and branch A. I can ping anything on the branch A LAN from head office, but from branch A to head office no traffic is routed. If I run a traceroute from branch A to head office, the traffic is still trying to route over the MPLS; these branches will only move to the new ISP next week.
Do the IPsec policies on the MikroTik try to apply before trying the default gateway? No routes to the 192.168.0.0 LAN exist on the MikroTik.
I have configured the NAT rule and firewall filter rules accordingly on the MikroTik.
I can post configs later. Just thought I could get the conversation started.
Can anyone guide me to a solution?
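The following is an added RouterOS configuration example illustrating the ordering point the question is about; it is not the poster's config and not a confirmed diagnosis of their setup. On RouterOS a policy-based IPsec tunnel needs no route to the remote LAN: the policy is matched after routing and NAT, so a packet that has already been masqueraded to the WAN address no longer matches the policy's src-address and leaves in the clear via the default gateway. The example therefore shows the branch A policy together with the srcnat bypass rule placed before the masquerade rule, a filter rule that permits decrypted traffic, and the print commands used to check that the policy is active and the bypass rule is being hit. The peer, proposal and WAN addresses (203.0.113.10 for branch A, 198.51.100.20 for head office) are assumed placeholders; the peer and proposal are assumed to exist already, as the post says the tunnel is established.

```routeros
# Added example, not the poster's configuration. Public addresses are
# RFC 5737 placeholders; replace them with the real WAN addresses.
# Assumes /ip ipsec peer and /ip ipsec proposal ("default") already exist.

# 1. Policy: encrypt branch A LAN -> head office LAN. No /ip route entry for
#    192.168.0.0/23 is required; the policy intercepts matching packets
#    after the routing decision. The resulting ESP packets are routed to
#    sa-dst-address, so only that address must be reachable via the new ISP.
/ip ipsec policy
add src-address=192.168.2.0/24 dst-address=192.168.0.0/23 \
    sa-src-address=203.0.113.10 sa-dst-address=198.51.100.20 \
    tunnel=yes action=encrypt level=require proposal=default \
    comment="Branch A to head office"

# 2. NAT bypass: srcnat runs before the IPsec policy lookup, so tunnel
#    traffic must be accepted (not masqueraded) by a rule that sits ABOVE
#    the masquerade rule. place-before=0 puts it at the top of the chain.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.2.0/24 \
    dst-address=192.168.0.0/23 place-before=0 \
    comment="Do not masquerade IPsec traffic to head office"

# 3. Filter: allow traffic that arrived decrypted from the tunnel into the
#    LAN, and allow IKE/ESP on the WAN input chain from the peer only.
/ip firewall filter
add chain=forward action=accept ipsec-policy=in,ipsec \
    comment="Allow decrypted IPsec traffic from head office" place-before=0
add chain=input action=accept protocol=udp dst-port=500,4500 \
    src-address=198.51.100.20 comment="IKE / NAT-T from head office peer"
add chain=input action=accept protocol=ipsec-esp \
    src-address=198.51.100.20 comment="ESP from head office peer"

# 4. Checks: the policy should show as active with an installed SA, and
#    the bypass rule's packet counter should increase when a branch A host
#    pings a head office address.
/ip ipsec policy print
/ip ipsec installed-sa print
/ip firewall nat print stats
```

If the bypass rule's counters stay at zero while pings are sent, the packets are still being masqueraded by an earlier rule (or originate from a source address outside 192.168.2.0/24), which is consistent with a traceroute that continues down the old default path rather than through the tunnel.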