Hi all!
I am configuring an IPsec tunnel between Mikrotik and Cisco.
Task: to bring absolutely all the traffic from the local Mikrotik network (192.168.100.16/29) to the Internet through the tunnel to the Cisco.
I don't control the Cisco. Everything is already configured there.
I have IPsec configured on the Mikrotik:
/ip ipsec profile add dh-group=modp1536 enc-algorithm=aes-128 name=profile1
/ip ipsec peer add address=<server> name=peer1 profile=profile1
/ip ipsec proposal add auth-algorithms=sha1 enc-algorithms=aes-256-cbc name=proposal1 pfs-group=none
/ip ipsec policy add peer=peer1 proposal=proposal1 src-address=192.168.100.20 tunnel=yes
/ip ipsec identity add peer=peer1 secret=<secret>
This works for one computer, 192.168.100.20.
But I need it for the whole subnet 192.168.100.16/29.
I use the following IPsec policy:
/ip ipsec policy add peer=peer1 proposal=proposal1 src-address=192.168.100.16/29 tunnel=yes
And after that, I lose the connection to the Mikrotik from the local network.
Question: how do I redirect all local traffic to IPsec except traffic to the router itself?
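
Added example, not part of the original post: a simplified Python model of ordered, first-match IPsec policy selectors, showing why the /29 policy also captures the router's own replies to LAN hosts while the single-host policy does not. The router address 192.168.100.17, the "any" destination selector, the Internet address 203.0.113.10 and the bypass entry are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str     # source selector (CIDR)
    dst: str     # destination selector (CIDR)
    action: str  # "encrypt" = send into the tunnel, "none" = bypass IPsec

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def decide(policies, src_ip, dst_ip):
    """First matching policy wins; no match means the packet bypasses IPsec."""
    for p in policies:
        if p.matches(src_ip, dst_ip):
            return p.action
    return "none"

LAN = "192.168.100.16/29"    # subnet from the post
HOST = "192.168.100.20"      # the one computer from the post
ROUTER = "192.168.100.17"    # assumed router LAN address (not given in the post)
INTERNET = "203.0.113.10"    # constructed documentation address
ANY = "0.0.0.0/0"            # assumed destination selector: all traffic

SINGLE_HOST = [Policy(HOST + "/32", ANY, "encrypt")]    # the working policy
WIDE_ONLY = [Policy(LAN, ANY, "encrypt")]               # the /29 policy
# Hypothetical bypass entry ordered first: LAN-to-LAN traffic is left alone.
WITH_BYPASS = [Policy(LAN, LAN, "none")] + WIDE_ONLY

def report(policies):
    """Decision for the router's reply to a LAN host and for host Internet traffic."""
    flows = {"router->host": (ROUTER, HOST), "host->internet": (HOST, INTERNET)}
    return {name: decide(policies, s, d) for name, (s, d) in flows.items()}

if __name__ == "__main__":
    for label, pol in [("single host", SINGLE_HOST), ("wide only", WIDE_ONLY),
                       ("with bypass", WITH_BYPASS)]:
        print(label, report(pol))
```

With the /29 selector alone, the router's reply to 192.168.100.20 is itself selected for the tunnel, which matches the lost management connection described in the post; with a more specific bypass entry ordered ahead of it, only the Internet-bound flow is encrypted.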