ConteMascetti
just joined
Topic Author
Posts: 1
Joined: Fri Apr 02, 2021 1:52 pm
Location: Florence (Italy)

IPSec with default route in Tunnel support

Fri Apr 02, 2021 5:16 pm

Hi all,
I have an IPSec tunnel between a firewall at the main site (HQ) and a MikroTik at a branch site, with no problem when I make a LAN-to-LAN policy which involves the sites' local networks.
When I change the IPSec policy in order to send ALL traffic (remote internet navigation) from the branch LAN to the HQ main firewall in order to be inspected by the main firewall, I see the branch PC traffic on the main firewall (the no-NAT rules seem OK), but the branch router itself starts to be unreachable from the local branch LAN and sends its own LOCAL traffic through the tunnel.
This is the network schema:
TT Mikrotik.png

This is a brief of my IPSec policy on the branch office:
peer=<peer_name> tunnel=yes src-address=192.168.227.0/24 src-port=any dst-address=0.0.0.0/0 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp sa-src-address=<Public_Branch_IP> sa-dst-address=<Public_HQ_IP> proposal=<proposal_name> ph2-count=1 
And this is what I see on the main firewall, where I find local branch office traffic inserted into the tunnel, even broadcast packets:
Schermata 2021-04-02 alle 16.08.14.png
Why is the router sending local traffic into the tunnel?
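The behaviour in the post follows from how RouterOS matches IPsec policies: they are evaluated top-down and the first match wins, and with src-address=192.168.227.0/24 dst-address=0.0.0.0/0 every packet that leaves the branch LAN, including the router's own replies to LAN hosts (source 192.168.227.x) and the 192.168.227.255 broadcast, satisfies the encrypt policy. The usual remedy is an action=none policy for LAN-to-LAN traffic placed above the catch-all policy. The following is an added example written for this thread, not configuration from the original post; it assumes the branch LAN is 192.168.227.0/24, a RouterOS 6.x CLI, and keeps <peer_name> and <proposal_name> as placeholders from the post. The `move` command at the end is the assumed way to reorder the policies; verify the indexes with `print` first.

```routeros
# Added example, not from the original post. Branch-office MikroTik.
# Assumes LAN = 192.168.227.0/24; <peer_name> and <proposal_name> are placeholders.

# 1. Exception policy: traffic that stays inside the branch LAN
#    (router <-> hosts, host <-> host via the router, 192.168.227.255 broadcast)
#    must be left in clear. action=none makes IPsec ignore it.
/ip ipsec policy add src-address=192.168.227.0/24 dst-address=192.168.227.0/24 \
    protocol=all action=none comment="keep branch-local traffic out of the tunnel"

# 2. The catch-all tunnel policy, as in the post. With a named peer the
#    sa-src/sa-dst addresses are taken from the peer and need not be repeated.
/ip ipsec policy add peer=<peer_name> tunnel=yes \
    src-address=192.168.227.0/24 dst-address=0.0.0.0/0 protocol=all \
    action=encrypt level=require ipsec-protocols=esp proposal=<proposal_name> \
    comment="send everything else to HQ for inspection"

# 3. First match wins, so the action=none policy must sit ABOVE the
#    0.0.0.0/0 policy. Check the order and move it to the top if it is not.
/ip ipsec policy print
/ip ipsec policy move [find action=none dst-address=192.168.227.0/24] 0
```

After the change, `/ip ipsec policy print` should list the action=none entry first; traffic from a branch PC to the Internet still shows up on the HQ firewall, while pings from a branch PC to the router's LAN address are answered locally and no 192.168.227.0/24-to-192.168.227.0/24 packets appear inside the tunnel. Note that this exception only covers traffic whose source is in the LAN subnet; packets the router originates from its public address never matched the encrypt policy in the first place.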
