Community discussions

MUM Europe 2020
 
mangust
Member Candidate
Member Candidate
Topic Author
Posts: 224
Joined: Thu Jun 14, 2007 11:14 am

How to exclude a few IPs from IPSEC VPN tunnel?

Thu Oct 02, 2014 1:21 pm

Hello All.
I have created ipsec VPN tunnel with destination 0/0 - meaning i use this vpn tunnel for Internet connection.
However, I got a task to create another one tunnel to destination 10.20.30.0/24.
How can I exclude 10.20.30.0/24 from the first tunnel ? is that possible?
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Thu Oct 02, 2014 11:08 pm

Maybe by two rules. One for interval before the address and second one after?
 
mangust
Member Candidate
Member Candidate
Topic Author
Posts: 224
Joined: Thu Jun 14, 2007 11:14 am

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Fri Oct 03, 2014 9:04 am

Maybe by two rules. One for interval before the address and second one after?
Well , this is almost impossible.
How would you recommend to to separate 0.0.0.0/0 to exclude 10.20.30.0/24 ?

Anyone else ? Any thoughts ?
 
mangust
Member Candidate
Member Candidate
Topic Author
Posts: 224
Joined: Thu Jun 14, 2007 11:14 am

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Sun Oct 05, 2014 3:11 pm

Anyone ?
 
dsiecinski
just joined
Posts: 19
Joined: Fri Jan 27, 2017 6:16 pm
Location: Poland

Re: How to exclude a few IPs from IPSEC VPN tunnel?

Wed Jan 15, 2020 12:15 am

If you got second tunel
place policy for it ... above main ipsec policy (0.0.0.0/0)

I mean IpSec policy in ...
/ip ipsec policy
add dst-address=10.20.30.0/24 level=unique peer=peer1 proposal=proposal1 src-address=LAN/24 tunnel=yes place-before=0

and same with srcnat rule
/ip firewall nat
add action=accept chain=srcnat dst-address=10.20.30.0/24 place-before=0

Who is online

Users browsing this forum: flaviobhz, gammy69er, Google [Bot], MSN [Bot] and 50 guests