Community discussions

MikroTik App
 
dnordenberg
newbie
Topic Author
Posts: 38
Joined: Wed Feb 24, 2016 8:00 pm

IPsec policy question

Mon Jan 13, 2020 11:11 am

Hi!
How do I define a ipsec policy which includes my own network easiest. All my VPN networks are small 172.16 subnets.
Right now I have only this below which means I can talk to 172.16.2.0/25 from my local network 172.16.6.0/27 but no other networks is reachable but I want to change that.
/ip ipsec policy
add dst-address=172.16.2.0/25 level=unique peer=ipsec sa-dst-address=x.x.x.x sa-src-address=0.0.0.0 src-address=172.16.6.0/27 tunnel=yes

Is it ok to include my local network like this?
/ip ipsec policy
add dst-address=172.16.0.0/12 level=unique peer=ipsec sa-dst-address=x.x.x.x sa-src-address=0.0.0.0 src-address=172.16.6.0/27 tunnel=yes

Or do I have to write multiple policys that "masks" around my own 172.16.6.0/27?

Who is online

Users browsing this forum: Bing [Bot], sindy, Znevna and 123 guests