davecullen86
just joined
Topic Author
Posts: 6
Joined: Fri Oct 21, 2022 10:57 pm

IKEv2 - Traffic Selectors Sending Not as I'd Expect

Fri Oct 21, 2022 11:06 pm

Hey Team

Today I bought an hAP AC2 and it looks great!

I have the basics set up and it's functioning great as a router within my home office environment.

I have a requirement to build an IKEv2 tunnel to a remote peer, but I am struggling to understand why my router is sending traffic selectors of 0.0.0.0/0 for both sides, instead of what I consider to be the configured networks, local: 172.20.20.0/24 remote: 10.2.0.0/24.

I must be wrong, but this is where I consider the config of my ESP SAs to be, so I have the SRC and DST networks entered as per the attached image.

But, when I take a post-decryption PCAP on the remote peer, I see that 0.0.0.0/0 is being proposed instead of the subnet pair I configured here.

What am I doing wrong and where do I need to add the networks so the correct traffic selectors are sent in the IKE_AUTH message please?

If I have missed any detail, let me know what else I need to provide.

Thanks a lot!

Dave
 
davecullen86
just joined
Topic Author
Posts: 6
Joined: Fri Oct 21, 2022 10:57 pm

Re: IKEv2 - Traffic Selectors Sending Not as I'd Expect

Sat Oct 22, 2022 1:02 am

OK, so I found the issue: I'd ticked "Template" in the profile due to seeing it on some guide online... Now IKE and ESP SAs are up :-)

How do I add additional remote subnets to create multiple ESP SAs please?
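The check described in the first post (reading the proposed traffic selectors out of a decrypted IKE_AUTH capture), as an added Python example that is not part of the original thread: it parses a TSi/TSr payload body in the RFC 7296 section 3.13 layout and flags a selector that covers 0.0.0.0/0. The function names and the sample payload bytes are constructed for illustration; only the two subnets come from the post.

```python
import ipaddress
import struct

TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE = 7, 8  # TS types from RFC 7296 section 3.13.1
ADDR_LEN = {TS_IPV4_ADDR_RANGE: 4, TS_IPV6_ADDR_RANGE: 16}

def parse_ts_payload(body: bytes):
    """Parse a TSi/TSr payload body (the bytes after the 4-byte generic payload header)."""
    if len(body) < 4:
        raise ValueError("truncated TS payload")
    count, offset, selectors = body[0], 4, []  # 1-byte count, then 3 reserved bytes
    for _ in range(count):
        if len(body) - offset < 8:
            raise ValueError("truncated selector header")
        ts_type, proto, sel_len, port_lo, port_hi = struct.unpack_from("!BBHHH", body, offset)
        alen = ADDR_LEN.get(ts_type)
        if alen is None:
            raise ValueError(f"unsupported TS type {ts_type}")
        # Selector Length counts the 8-byte header plus start and end address.
        if sel_len != 8 + 2 * alen or offset + sel_len > len(body):
            raise ValueError("bad selector length")
        start = ipaddress.ip_address(body[offset + 8:offset + 8 + alen])
        end = ipaddress.ip_address(body[offset + 8 + alen:offset + sel_len])
        cidrs = [str(n) for n in ipaddress.summarize_address_range(start, end)]
        selectors.append({"proto": proto, "ports": (port_lo, port_hi),
                          "start": start, "end": end, "cidrs": cidrs})
        offset += sel_len
    return selectors

def is_wildcard(sel) -> bool:
    """True when the selector covers every address of its family."""
    return sel["cidrs"] in (["0.0.0.0/0"], ["::/0"])

def build_ts(first: str, last: str) -> bytes:
    """Build a one-selector payload body (any protocol, all ports) as sample input."""
    a, b = ipaddress.ip_address(first).packed, ipaddress.ip_address(last).packed
    ts_type = TS_IPV4_ADDR_RANGE if len(a) == 4 else TS_IPV6_ADDR_RANGE
    return bytes([1, 0, 0, 0]) + struct.pack("!BBHHH", ts_type, 0, 8 + 2 * len(a), 0, 65535) + a + b

# Constructed samples: the wildcard seen in the capture vs. the configured subnets.
WILDCARD = build_ts("0.0.0.0", "255.255.255.255")
LOCAL = build_ts("172.20.20.0", "172.20.20.255")
REMOTE = build_ts("10.2.0.0", "10.2.0.255")

if __name__ == "__main__":
    for name, raw in (("wildcard", WILDCARD), ("local", LOCAL), ("remote", REMOTE)):
        for sel in parse_ts_payload(raw):
            print(name, sel["cidrs"], "WILDCARD" if is_wildcard(sel) else "ok")
```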
