I'm having a hard time replacing a Fortigate firewall, which is acting mainly as a VPN gateway, with an RB5009.
The remote peers consist of various devices, which all have different requirements:
- Fortigate with static IP
- Fortigate with dynamic IP behind NAT (NAT-T req'd)
- Mikrotik wAP ac LTE kit with static IP (ROS 7)
- AVM Fritzbox with dynamic IP - very limited in IPsec configurability
Mostly I'm struggling with the fact that the Fortigate with the dynamic IP behind NAT collides with the AVM Fritzbox, which also has a dynamic IP address (not behind NAT).
These two devices need different phase 1 settings (aka IPsec profiles), but as soon as I create a second peer with ::/0 in the "address" field, I get the error message "This entry is unreachable".
Basically this boils down to this question:
Two dial-up IPsec peers (aggressive mode) with different IPsec profiles: impossible with RouterOS?
Thanks in advance