I have three routers, A, B and C.
A=192.168.10.0/24
B=192.168.11.0/24
C=192.168.12.0/24
A is the main site that has IPsec with B and C. Everything is working fine and I can ping from A to B and from A to C.
But I cannot ping between B and C.
There is a way to ping between B and C by adding policies on both sides, but I want to ping between B and C through A.
There are many topics regarding this issue that use L2TP and OSPF.
Is there any way to accomplish it by IPsec itself, without using L2TP, through a firewall or route?
Thanks in advance and have a nice day.
Router A
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-128 name=profile1
/ip ipsec peer
add address=192.168.40.172/32 name=peer2 profile=profile1
add address=192.168.40.171/32 name=peer1 profile=profile1
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=proposal1
/ip ipsec identity
add peer=peer1
add peer=peer2
/ip ipsec policy
add dst-address=192.168.11.0/24 peer=peer1 proposal=proposal1 src-address=192.168.10.0/24 tunnel=yes
add dst-address=192.168.12.0/24 peer=peer2 proposal=proposal1 src-address=192.168.10.0/24 tunnel=yes
Router B
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-128 name=profile1
/ip ipsec peer
add address=192.168.40.170/32 name=peer1 profile=profile1
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=proposal1
/ip ipsec identity
add peer=peer1
/ip ipsec policy
add dst-address=192.168.10.0/24 peer=peer1 proposal=proposal1 src-address=192.168.11.0/24 tunnel=yes
Router C
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-128 name=profile1
/ip ipsec peer
add address=192.168.40.170/32 name=peer1 profile=profile1
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=proposal1
/port
set 0 name=serial0
/ip ipsec identity
add peer=peer1
/ip ipsec policy
add dst-address=192.168.10.0/24 peer=peer1 proposal=proposal1 src-address=192.168.12.0/24 tunnel=yes
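The selector logic behind the question, as an added example that is not part of the original post: a small Python model of the three posted policy tables that traces a packet hop by hop and shows why B-to-C traffic matches no policy. The `RELAY` table is an assumed set of extra policies (not from the post) under which the same packet is carried B, then A, then C; the model checks policy selectors only, not routing, NAT or firewall rules.

```python
from ipaddress import ip_address, ip_network

LAN = {"A": "192.168.10.0/24", "B": "192.168.11.0/24", "C": "192.168.12.0/24"}
# Policies copied from the post: router -> [(src-address, dst-address, peer router)]
POSTED = {
    "A": [(LAN["A"], LAN["B"], "B"), (LAN["A"], LAN["C"], "C")],
    "B": [(LAN["B"], LAN["A"], "A")],
    "C": [(LAN["C"], LAN["A"], "A")],
}
# Assumed extra selectors (not in the post) that relay spoke-to-spoke traffic via A.
RELAY = {
    "A": [(LAN["C"], LAN["B"], "B"), (LAN["B"], LAN["C"], "C")],
    "B": [(LAN["B"], LAN["C"], "A")],
    "C": [(LAN["C"], LAN["B"], "A")],
}

def merge(*tables):
    """Combine policy tables; a router missing from a table gets nothing added."""
    out = {r: [] for r in LAN}
    for table in tables:
        for router, pols in table.items():
            out[router] += pols
    return out

def inside(addr, net):
    return ip_address(addr) in ip_network(net)

def outbound_peer(pols, src, dst):
    """First policy whose selectors cover the packet decides the tunnel peer."""
    for s, d, peer in pols:
        if inside(src, s) and inside(dst, d):
            return peer
    return None

def accepts(pols, src, dst, from_peer):
    """The receiver needs the mirrored selector pair for that peer."""
    return any(inside(dst, s) and inside(src, d) and p == from_peer
               for s, d, p in pols)

def trace(policies, start, src, dst):
    """Return (routers traversed, delivered?) for one packet."""
    path, router = [start], start
    while not inside(dst, LAN[router]):
        nxt = outbound_peer(policies[router], src, dst)
        if nxt is None or nxt in path or not accepts(policies[nxt], src, dst, router):
            return path, False
        path.append(nxt)
        router = nxt
    return path, True
```

With only the posted policies the trace stops at B; with the assumed relay policies on all three routers it reaches C through A, and dropping A's pair alone breaks it again.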