Glad to hear that, slech
I've managed to get it done by:
- Defining two IPsec policies, one for each needed tunnel:
Tunnel1: 10.0.0.0/24 -> 10.20.0.0/24
Tunnel2: 10.0.0.0/24 -> 10.20.0.32/28
- Setting them as "unique" instead of "required".
- Setting the priority for Tunnel2: 10.0.0.0/24 -> 10.20.0.32/28 quite a bit higher than that for Tunnel1:
Tunnel1, priority 0
Tunnel2, priority 200
It hasn't worked for me using smaller priority differentials, say priorities 0 and 1.
- Lastly, changing that crappy DSL router for another model which allows IP Protocol 50 (ESP) passthrough and not just UDP 500 DNAT'ing.
Hope this helps!
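As an added illustration (not part of the post above, and not the code of any IPsec stack), a small Python model of why the two overlapping selectors need distinct priorities: a packet to 10.20.0.40 matches both the /24 and the /28 policy, and only the priority decides which tunnel it takes. It follows the post's convention that the larger priority value wins, which is an assumption here; the real ordering rule depends on the IPsec implementation in use.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class SpdEntry:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    priority: int  # assumed convention (as in the post): larger value wins
    level: str     # "unique" or "require"


# The two policies from the post, as constructed sample data.
SPD = [
    SpdEntry("Tunnel1", ipaddress.ip_network("10.0.0.0/24"),
             ipaddress.ip_network("10.20.0.0/24"), 0, "unique"),
    SpdEntry("Tunnel2", ipaddress.ip_network("10.0.0.0/24"),
             ipaddress.ip_network("10.20.0.32/28"), 200, "unique"),
]


def matching(spd, src, dst):
    """All SPD entries whose selectors cover the packet src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [e for e in spd if s in e.src and d in e.dst]


def select_policy(spd, src, dst, use_priority=True):
    """Entry applied to a packet src -> dst, or None if no policy matches.

    With use_priority=False the first matching entry in table order wins,
    which is how a /24 entry listed first swallows the /28 traffic."""
    hits = matching(spd, src, dst)
    if not hits:
        return None
    if not use_priority:
        return hits[0]
    return max(hits, key=lambda e: e.priority)


def ambiguous_overlaps(spd):
    """Pairs of entries whose selectors overlap but share a priority.

    Such pairs leave the choice to table order, so a sanity check before
    loading a policy table should return an empty list here."""
    out = []
    for a, b in combinations(spd, 2):
        if (a.src.overlaps(b.src) and a.dst.overlaps(b.dst)
                and a.priority == b.priority):
            out.append((a.name, b.name))
    return out
```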