hvdhelm
just joined
Topic Author
Posts: 17
Joined: Sat Aug 27, 2011 9:37 am

IPsec - Policy with overlapping subnets

Mon Feb 13, 2017 1:16 pm

Hi all,

I'm a little bit stuck with the configuration of my VPN connection. We are migrating from a Cisco ASA to a Mikrotik RB2011.

Locally I run a 192.168.85.64/26 subnet; on the remote site they have 192.168.0.0/16. When enabling this policy I lose connectivity to my RB on its IP 192.168.85.65/26.
src-address=192.168.85.64/26 src-port=any dst-address=192.168.0.0/16 
       dst-port=any protocol=all action=encrypt level=require 
       ipsec-protocols=esp tunnel=yes sa-src-address=xxx.xxx.223.144 
       sa-dst-address=yyy.yyy.108.4 proposal=default priority=0 
Any suggestions to solve this? Changing the subnets is not an option because we are migrating the firewall and changing subnets has a much bigger impact.
 
nescafe2002
Long time Member
Posts: 624
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: IPsec - Policy with overlapping subnets

Mon Feb 13, 2017 1:24 pm

See also: http://forum.mikrotik.com/viewtopic.php?f=13&t=115109

Add an exclusion policy (for dst-address=192.168.85.65/26 with higher priority and action=none).
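
Added example (not part of either post, and not RouterOS code): a simplified Python model of policy selection showing why the /16 encrypt policy also captures traffic inside the local /26, and how the suggested action=none exclusion changes the result. Assumptions: the matching policy with the largest priority value wins, the exclusion uses src-address=192.168.85.64/26 and priority=1, and the host addresses 192.168.85.70 and 192.168.1.10 are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str          # "encrypt" or "none", as in the thread
    priority: int = 0

    def matches(self, src_ip, dst_ip):
        # strict=False accepts a host address with a prefix (192.168.85.65/26)
        return (ip_address(src_ip) in ip_network(self.src, strict=False)
                and ip_address(dst_ip) in ip_network(self.dst, strict=False))


def decide(policies, src_ip, dst_ip):
    """Return the action of the winning policy, or "bypass" if none matches."""
    hits = [p for p in policies if p.matches(src_ip, dst_ip)]
    if not hits:
        return "bypass"
    # Assumption: largest priority value wins; ties keep list order.
    return max(hits, key=lambda p: p.priority).action


# Policy from the first post.
ENCRYPT = Policy("192.168.85.64/26", "192.168.0.0/16", "encrypt", 0)
# Exclusion from the reply; src-address and priority=1 are assumed values.
EXCLUDE = Policy("192.168.85.64/26", "192.168.85.65/26", "none", 1)

ROUTER = "192.168.85.65"       # router address from the first post
LAN_HOST = "192.168.85.70"     # constructed host in the local /26
REMOTE_HOST = "192.168.1.10"   # constructed host on the remote /16


def report(policies):
    """Decide the two flows that matter: local replies and tunnel traffic."""
    flows = {"router -> LAN host": (ROUTER, LAN_HOST),
             "LAN host -> remote": (LAN_HOST, REMOTE_HOST)}
    return {name: decide(policies, s, d) for name, (s, d) in flows.items()}


if __name__ == "__main__":
    print("before:", report([ENCRYPT]))
    print("after: ", report([ENCRYPT, EXCLUDE]))
```

In this model the router's replies to local hosts are selected for the tunnel until the exclusion is present, while traffic to the remote /16 stays encrypted in both cases.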
 
hvdhelm
just joined
Topic Author
Posts: 17
Joined: Sat Aug 27, 2011 9:37 am

Re: IPsec - Policy with overlapping subnets

Mon Feb 13, 2017 1:38 pm

Thanks! Problem solved.

I also have to work on my search capabilities, didn't find it... :-s Excuse me for this duplicate post!
