guru431
just joined
Topic Author
Posts: 13
Joined: Fri Nov 29, 2019 10:37 am

Redirect all local traffic to ipsec except traffic to the router

Fri May 13, 2022 8:03 pm

Hi all!

I am configuring an IPsec tunnel between MikroTik and Cisco.
Task: to send absolutely all the traffic from the local MikroTik network (192.168.100.16/29) to the Internet through the tunnel to Cisco.
I don't control the Cisco. Everything is already configured there.

I have IPsec configured on the MikroTik:
/ip ipsec profile add dh-group=modp1536 enc-algorithm=aes-128 name=profile1
/ip ipsec peer add address=<server> name=peer1 profile=profile1
/ip ipsec proposal add auth-algorithms=sha1 enc-algorithms=aes-256-cbc name=proposal1 pfs-group=none
/ip ipsec policy add peer=peer1 proposal=proposal1 src-address=192.168.100.20 tunnel=yes
/ip ipsec identity add peer=peer1 secret=<secret>

This works for one computer, 192.168.100.20.
But I need it for the whole subnet 192.168.100.16/29.
I use the following IPsec policy:
/ip ipsec policy add peer=peer1 proposal=proposal1 src-address=192.168.100.16/29 tunnel=yes
And after that, I lose the connection to the MikroTik from the local network.

Question: how to redirect all local traffic to ipsec except traffic to the router itself?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect all local traffic to ipsec except traffic to the router  [SOLVED]

Fri May 13, 2022 8:29 pm

Use this as the first policy:
/ip ipsec policy
add src-address=192.168.100.16/29 dst-address=192.168.100.16/29 action=none
 
guru431
just joined
Topic Author
Posts: 13
Joined: Fri Nov 29, 2019 10:37 am

Re: Redirect all local traffic to ipsec except traffic to the router

Fri May 13, 2022 9:42 pm

It works!
Thank you so much!
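
The following is an added example, not part of the original posts and not MikroTik code: a small first-match model of the policy list showing why the `action=none` policy from the accepted answer has to come before the tunnel policy. It assumes policies are checked top to bottom, that the tunnel policy's omitted dst-address behaves as match-any (as the symptom in the question implies), and uses constructed addresses for the router (192.168.100.17) and an Internet host (203.0.113.10).

```python
import ipaddress
from dataclasses import dataclass

LAN = "192.168.100.16/29"      # local subnet from the thread
ROUTER = "192.168.100.17"      # constructed: router's LAN address
HOST = "192.168.100.20"        # LAN computer from the thread
INTERNET = "203.0.113.10"      # constructed: some Internet destination


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str  # "encrypt" (send into the tunnel) or "none" (leave untouched)


BYPASS = Policy(LAN, LAN, "none")            # policy from the accepted answer
TUNNEL = Policy(LAN, "0.0.0.0/0", "encrypt")  # assumption: omitted dst = any


def _net(cidr):
    return ipaddress.ip_network(cidr)


def evaluate(policies, src_ip, dst_ip):
    """Return (index, action) of the first policy that matches the packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for index, p in enumerate(policies):
        if src in _net(p.src) and dst in _net(p.dst):
            return index, p.action
    return None, "none"  # nothing matched: IPsec does not touch the packet


def find_shadowed(policies):
    """Return (later, earlier) index pairs where the later policy can never
    match because an earlier one already covers its whole src/dst range."""
    pairs = []
    for later, p in enumerate(policies):
        for earlier, q in enumerate(policies[:later]):
            if _net(p.src).subnet_of(_net(q.src)) and _net(p.dst).subnet_of(_net(q.dst)):
                pairs.append((later, earlier))
                break
    return pairs


if __name__ == "__main__":
    for name, plist in [("tunnel only", [TUNNEL]), ("bypass first", [BYPASS, TUNNEL]),
                        ("bypass last", [TUNNEL, BYPASS])]:
        print(name, "| router reply to host:", evaluate(plist, ROUTER, HOST),
              "| host to Internet:", evaluate(plist, HOST, INTERNET),
              "| shadowed:", find_shadowed(plist))
```

With the tunnel policy alone, the router's own replies to LAN hosts are selected for encryption, which matches the lost management connection described in the question.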
