I am new here and have a problem for which I have not found a suitable solution, although I searched.
If the issue has already been solved somewhere else, I'm sorry.
I would like to establish a VPN connection with my hEX s from my home to a firewall in the data center and then connect over this connection to the Internet and access my servers in the data center.
This works perfectly.
However, I can no longer access the hEX s by IP address from my internal network (10.42.24.0/24) once the IPsec connection is established.
I am only able to access the router via the MAC address with the WinBox tool.
But if I don't run all networks through the VPN, the hEX s is still accessible.
Attached is the IP policy.
Not able to reach hEX s:
[admin@MikroTik] /ip ipsec policy> print detail
Flags: T - template, B - backup,
X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all
proposal=default template=yes
1 A peer=DCL tunnel=yes src-address=10.42.24.0/24 src-port=any
dst-address=0.0.0.0/0 dst-port=any protocol=all action=encrypt
level=require ipsec-protocols=esp sa-src-address=WAN IP hEXs
sa-dst-address=WAN IP Firewall in Datacenter proposal=proposal1 ph2-count=1
[admin@MikroTik] /ip ipsec policy> print detail
Flags: T - template, B - backup,
X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all
proposal=default template=yes
1 A peer=DCL tunnel=yes src-address=10.42.24.0/24 src-port=any
dst-address=10.43.24.0/24 dst-port=any protocol=all action=encrypt
level=require ipsec-protocols=esp sa-src-address=WAN IP hEXs
sa-dst-address=WAN IP Firewall in Datacenter proposal=proposal1 ph2-count=1
Can I somehow set a route which is considered before the IPsec policies?
10.42.23.0/24 prio 0 via WAN interface
0.0.0.0/0 prio 10 via IPsec interface
Best regards
Sarem
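
The difference between the two policies above can be reproduced with a small selector-matching model. This is an added example, not part of the original post and not RouterOS code: it assumes first-match evaluation in list order, and the router LAN address, host addresses and the leading action=none entry are assumptions made for illustration.

```python
import ipaddress

# Selector fields taken from the two "print detail" outputs in the post.
FULL_TUNNEL = [{"src": "10.42.24.0/24", "dst": "0.0.0.0/0", "action": "encrypt"}]
SPLIT_TUNNEL = [{"src": "10.42.24.0/24", "dst": "10.43.24.0/24", "action": "encrypt"}]
# Assumption: an action=none entry for LAN-to-LAN traffic placed above the
# encrypt policy, so it is evaluated first.
WITH_BYPASS = [{"src": "10.42.24.0/24", "dst": "10.42.24.0/24",
                "action": "none"}] + FULL_TUNNEL

ROUTER_LAN_IP = "10.42.24.1"   # assumed LAN address of the hEX S
LAN_HOST = "10.42.24.50"       # assumed workstation running WinBox
DC_SERVER = "10.43.24.10"      # assumed server behind the data center firewall
INTERNET = "203.0.113.10"      # documentation address standing in for any Internet host


def decide(policies, src, dst):
    """Return what happens to a packet: the first matching policy wins,
    and a packet that matches no policy is routed normally."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in ipaddress.ip_network(p["src"]) and d in ipaddress.ip_network(p["dst"]):
            return "tunnel" if p["action"] == "encrypt" else "normal"
    return "normal"


def report():
    """Evaluate the three flows that matter for each policy set."""
    rows = {}
    for name, pol in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL),
                      ("bypass", WITH_BYPASS)):
        rows[name] = {
            # Reply from the router's own LAN address back to the workstation.
            "router_reply": decide(pol, ROUTER_LAN_IP, LAN_HOST),
            "to_datacenter": decide(pol, LAN_HOST, DC_SERVER),
            "to_internet": decide(pol, LAN_HOST, INTERNET),
        }
    return rows


if __name__ == "__main__":
    for name, flows in report().items():
        print(name, flows)
```

With the 0.0.0.0/0 selector the router's own replies to LAN hosts match the encrypt policy, which is consistent with the router being reachable only by MAC address; with the 10.43.24.0/24 selector they do not.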