I have created an IPsec tunnel (tunnel mode) with a remote FortiGate router. The problem is that the MikroTik creates multiple SAs for this connection: I have over 1000 SAs created with the same Src. Address (FortiGate router) and Dst. Address (MikroTik).
My IPsec policy:
/ip ipsec policy
add action=none dst-address=192.168.3.0/24 src-address=192.168.3.0/24
add action=none dst-address=10.12.0.0/20 src-address=10.12.0.0/20
add dst-address=0.0.0.0/0 peer=FGT proposal=FGT sa-dst-address=x.x.x.30 \
    sa-src-address=x.x.x.34 src-address=192.168.3.0/24 tunnel=yes
add dst-address=0.0.0.0/0 level=unique peer=FGT proposal=FGT sa-dst-address=x.x.x.30 \
    sa-src-address=x.x.x.34 src-address=10.12.0.0/20 tunnel=yes