Marking IKEv2 dynamic connection for Firewall

Tue Feb 09, 2021 12:20 pm

Hello Forum,

Today I noticed that when my Windows machine connects via IKE2 with a self-signed SSL certificate to my hAP ac3, it cannot access the router's Winbox for management.
The router is listening for the IKE2 connection as a dynamic peer.

The rule that blocks my management via the IKE2 tunnel is:
Drop input from interface list !LAN. (The WAN interface does not belong to the LAN interface list.)

This is a good rule, since I do not want to allow management from WAN.
However, my IKE2 traffic originates from WAN, and that rule creates a problem.

Is it possible to mark my connection from the dynamic peer and simply create a filter rule above the interface rule for the marked connection?
If so, how do I do it?
What other ways do you suggest without disabling the rule mentioned above?
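One way to allow management from the tunnel while keeping the "drop input from !LAN" rule, as an added example that is not part of the original post: match traffic that was decapsulated from an IPsec SA (the `ipsec-policy=in,ipsec` matcher) and accept only Winbox from the client pool above the drop rule. The pool 192.168.77.0/24, the Winbox port 8291 and the drop rule's comment are placeholders to adjust to your own configuration.

```routeros
# Added example, not the original poster's configuration.
# Assumptions (placeholders): IKEv2 clients receive addresses from the
# mode-config pool 192.168.77.0/24, Winbox listens on the default 8291, and the
# existing drop rule carries the comment "drop input from !LAN".

# Option A: accept IPsec-decapsulated Winbox traffic directly in the filter chain.
# Only packets that arrived through an IPsec SA match ipsec-policy=in,ipsec, so
# plain WAN traffic spoofing the pool address still hits the drop rule.
/ip firewall filter
add chain=input action=accept ipsec-policy=in,ipsec \
    src-address=192.168.77.0/24 protocol=tcp dst-port=8291 \
    comment="Winbox from IKEv2 clients" \
    place-before=[find comment="drop input from !LAN"]

# Option B: mark the connection in mangle, then accept on the mark (the approach
# the post asks about). The mark survives for the life of the connection.
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=ikev2-in \
    ipsec-policy=in,ipsec passthrough=yes \
    comment="Mark connections decapsulated from IPsec"
/ip firewall filter
add chain=input action=accept connection-mark=ikev2-in \
    protocol=tcp dst-port=8291 \
    comment="Winbox from marked IKEv2 connections" \
    place-before=[find comment="drop input from !LAN"]
```

Verify placement with `/ip firewall filter print` and confirm the accept rule's counters increase when a tunnel client opens Winbox; keep the port and source restriction rather than accepting all input from the tunnel.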
