schmeltm
just joined
Topic Author
Posts: 18
Joined: Sun Jan 15, 2012 4:28 pm
Location: near Duesseldorf

IPSec Policy multiple Subnets

Wed Nov 02, 2016 12:45 pm

Hi all,

I have a problem with my IPSec policy.

We have multiple subnets behind our routers, 172.27.x.x/24.
If we establish a VPN we can reach the other side, but I can't reach my router in the local network (for example, for DNS traffic). As I can see in the Packet Flow diagram, all traffic which is going to the router will be encrypted by the IPSec policy because my local network is part of the policy.

As an example, I have 172.27.254.0/24 as local subnet. My IPSec policy has 172.27.254.0/24 as SRC address and 172.27.0.0/16 as destination address.

Now all traffic (also the local traffic sent to the router) will be encrypted.

Is there a solution so that the local traffic will not be encrypted?

Thanks in advance.

Br
Markus
 
nescafe2002
Forum Veteran
Posts: 912
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: IPSec Policy multiple Subnets

Wed Nov 02, 2016 2:18 pm

You could add a policy for the to-be-excluded subnet with action=none and a higher priority.

E.g.
/ip ipsec policy
add action=none dst-address=172.27.254.0/24 priority=1 src-address=172.27.254.0/24
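
The selector overlap described in this thread and the bypass fix, as an added example that is not part of the original posts: a small Python model of policy lookup, not RouterOS code. The host addresses are constructed, and the model assumes that a larger priority value is evaluated first (default 0) and that configuration order breaks ties.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str        # "encrypt" or "none"
    priority: int = 0  # assumption: default 0, larger value is evaluated first

def lookup(policies, src_ip, dst_ip):
    """Return the action of the first matching policy, or "none" if nothing matches."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    # Stable sort: higher priority first, configuration order breaks ties (assumption).
    for p in sorted(policies, key=lambda p: -p.priority):
        if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
            return p.action
    return "none"

# Constructed addresses inside the subnets named in the thread.
ROUTER = "172.27.254.1"   # router's address in the local subnet
HOST = "172.27.254.10"    # client in the local subnet
REMOTE = "172.27.10.20"   # host in another 172.27.x.x/24 behind the tunnel

# The original policy: local /24 towards the whole /16, which contains the /24 itself.
TUNNEL = Policy("172.27.254.0/24", "172.27.0.0/16", "encrypt")
# The bypass from the answer: same subnet on both sides, action=none, priority=1.
BYPASS = Policy("172.27.254.0/24", "172.27.254.0/24", "none", priority=1)

def report(policies):
    """Classify the three flows that matter for this setup."""
    return {
        "host->router": lookup(policies, HOST, ROUTER),
        "router->host": lookup(policies, ROUTER, HOST),
        "host->remote": lookup(policies, HOST, REMOTE),
    }

if __name__ == "__main__":
    print("tunnel policy only:", report([TUNNEL]))
    print("with bypass policy:", report([TUNNEL, BYPASS]))
```

In this model a bypass policy that does not outrank the tunnel policy is never reached, so local traffic stays matched by the /16 selector.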
 
schmeltm
just joined
Topic Author
Posts: 18
Joined: Sun Jan 15, 2012 4:28 pm
Location: near Duesseldorf

Re: IPSec Policy multiple Subnets

Wed Nov 09, 2016 11:16 pm

Thanks nescafe2002,

that was the solution.

Br
Markus
