mdpsycho
just joined
Topic Author
Posts: 1
Joined: Fri Jan 21, 2022 7:55 am

Site2Site VPN with 2 different subnets on site1

Fri Jan 21, 2022 8:10 am

Hi all.
I have Site2Site IPSec VPN between Mikrotik and Palo Alto.
That's my infrastructure:
1. Data Center as Site 1 (Palo Alto PA-220, local network 192.168.16.0/24)
2. Head Office as Site 2 (Mikrotik hAP, local network 192.168.18.0/24)
3. VPN users (Global Protect, connected to Data Center, local network 192.168.168.0/24)
Right now, head office and data center can see each other, and VPN users can see the data center.
The subject is to make Head office network available for VPN users (168 subnet to 18 subnet).

So how to route two different subnets through one tunnel? Is it possible?
Previously we used Palo Alto on both sides and everything worked fine (routing was made via virtual routers - static routes).

In RouterOS I've tried to add 2 different policies for both networks, but when I add the second policy, the connection drops completely.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Site2Site VPN with 2 different subnets on site1

Sun Jan 23, 2022 4:19 am

Multiple policies with level=unique is what you're looking for.
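
A sketch of the two policies described in the reply above, using the subnets from the question. This is an added example, not part of the original posts; the peer name `pa-dc` and proposal name `pa-proposal` are hypothetical placeholders for whatever is already configured on the MikroTik side.

```routeros
# Added example: one IPsec policy per remote subnet, both bound to the same peer.
# "pa-dc" and "pa-proposal" are hypothetical names; substitute the existing
# peer and proposal entries from the working tunnel.
/ip ipsec policy

# Head office (192.168.18.0/24) <-> data center LAN (192.168.16.0/24)
add peer=pa-dc tunnel=yes level=unique proposal=pa-proposal \
    src-address=192.168.18.0/24 dst-address=192.168.16.0/24 \
    comment="HO to DC LAN"

# Head office (192.168.18.0/24) <-> GlobalProtect VPN users (192.168.168.0/24)
add peer=pa-dc tunnel=yes level=unique proposal=pa-proposal \
    src-address=192.168.18.0/24 dst-address=192.168.168.0/24 \
    comment="HO to VPN users"

# level=unique makes each policy acquire its own SA rather than reusing
# one negotiated for the other policy.
# The remote peer must accept a matching selector for each subnet pair,
# otherwise the second phase 2 negotiation fails.

# Check that both policies reach an established phase 2 state and that
# a separate pair of SAs exists for each subnet pair.
/ip ipsec policy print detail
/ip ipsec installed-sa print
```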
