
How to exclude a few IPs from IPSEC VPN tunnel?

Posted: Thu Oct 02, 2014 1:21 pm
by mangust
Hello All.
I have created an IPsec VPN tunnel with destination 0/0 - meaning I use this VPN tunnel for Internet connection.
However, I got a task to create another tunnel to destination 10.20.30.0/24.
How can I exclude 10.20.30.0/24 from the first tunnel? Is that possible?

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Posted: Thu Oct 02, 2014 11:08 pm
by jarda
Maybe by two rules. One for interval before the address and second one after?

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Posted: Fri Oct 03, 2014 9:04 am
by mangust
jarda wrote: "Maybe by two rules. One for interval before the address and second one after?"
Well, this is almost impossible.
How would you recommend to separate 0.0.0.0/0 to exclude 10.20.30.0/24?

Anyone else? Any thoughts?

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Posted: Sun Oct 05, 2014 3:11 pm
by mangust
Anyone?

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Posted: Wed Jan 15, 2020 12:15 am
by dsiecinski
If you got a second tunnel,
place the policy for it ... above the main IPsec policy (0.0.0.0/0)

I mean IpSec policy in ...
/ip ipsec policy
add dst-address=10.20.30.0/24 level=unique peer=peer1 proposal=proposal1 src-address=LAN/24 tunnel=yes place-before=0

and same with srcnat rule
/ip firewall nat
add action=accept chain=srcnat dst-address=10.20.30.0/24 place-before=0
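
The two approaches raised in this thread, compared in an added Python example (not part of any post and not RouterOS code): splitting 0.0.0.0/0 into the CIDR blocks around 10.20.30.0/24, versus placing the specific policy above the 0.0.0.0/0 one. It assumes policies are evaluated top-down with the first match winning, as the ordering advice above implies; the names tunnel1 and tunnel2 are hypothetical.

```python
import ipaddress

def complement(universe, excluded):
    """CIDR blocks that cover `universe` minus `excluded` (the 'two rules' idea, generalized)."""
    u = ipaddress.ip_network(universe)
    e = ipaddress.ip_network(excluded)
    return sorted(u.address_exclude(e))

def first_match(policies, dst):
    """Name of the first policy whose dst-address contains dst (assumed top-down evaluation)."""
    addr = ipaddress.ip_address(dst)
    for name, net in policies:
        if addr in ipaddress.ip_network(net):
            return name
    return None

# Constructed policy tables; tunnel1/tunnel2 are hypothetical names.
ORDERED = [("tunnel2", "10.20.30.0/24"), ("tunnel1", "0.0.0.0/0")]
WRONG_ORDER = [("tunnel1", "0.0.0.0/0"), ("tunnel2", "10.20.30.0/24")]

def split_policies():
    """Order-independent alternative: tunnel1 gets every block except 10.20.30.0/24."""
    pol = [("tunnel1", str(n)) for n in complement("0.0.0.0/0", "10.20.30.0/24")]
    pol.append(("tunnel2", "10.20.30.0/24"))
    return pol

if __name__ == "__main__":
    blocks = complement("0.0.0.0/0", "10.20.30.0/24")
    print(len(blocks), "policies needed to cover 0.0.0.0/0 without 10.20.30.0/24:")
    for b in blocks:
        print("  ", b)
    for dst in ("10.20.30.5", "10.20.31.1", "8.8.8.8"):
        print(dst, "ordered ->", first_match(ORDERED, dst),
              "| wrong order ->", first_match(WRONG_ORDER, dst),
              "| split ->", first_match(split_policies(), dst))
```

With the 0.0.0.0/0 policy listed first, traffic to 10.20.30.0/24 never reaches the second policy, which is why the specific policy and its srcnat accept rule are placed at position 0.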