zuku
Member Candidate
Topic Author
Posts: 109
Joined: Sat Jun 27, 2015 3:56 pm

Mikrotik create multiple SAs in ipsec connection

Mon Jul 12, 2021 10:00 am

Hello,
I have created an IPsec tunnel (tunnel mode) with a remote FortiGate router. The problem is that the MikroTik creates multiple SAs for this connection; I have over 1000 SAs created with the same Src. Address (FortiGate router) and Dst. Address (MikroTik).

My ipsec policy:
/ip ipsec policy
add action=none dst-address=192.168.3.0/24 src-address=192.168.3.0/24
add action=none dst-address=10.12.0.0/20 src-address=10.12.0.0/20
add dst-address=0.0.0.0/0 peer=FGT proposal=FGT sa-dst-address=x.x.x.30 \
    sa-src-address=x.x.x.34 src-address=192.168.3.0/24 tunnel=yes
add dst-address=0.0.0.0/0 level=unique peer=FGT proposal=FGT sa-dst-address=x.x.x.30 \
    sa-src-address=x.x.x.34 src-address=10.12.0.0/20 tunnel=yes
