Hi all,
i have a problem with my IPSec Policy.
We have multiple Subnets behind our Routers 172.27.x.x/24
If we establish an VPN we can reach the other Side but i can´t reach my Router in the Local Network (As example fot DNS traffic). As i can see in the PacketFlow Diagram all traffic which is going to the router will be encrypt by the IPSec Policy because my Local Network is part of the Policy.
As example i have 172.27.254.0/24 as Local Subnet my IPSec Policy has as SRC Address 172.27.254.0/24 and as Destination Address 172.27.0.0/16
Now all Traffic (also the local Traffic send to the router) will be encrypt.
Is there an solution that the local traffic will not encrypt?
Thanks in advance.
Br
Markus
-
-
nescafe2002
Forum Veteran
- Posts: 912
- Joined:
- Location: Netherlands
Re: IPSec Policy multiple Subnets
You could add a policy for the to-be-excluded subnet with action=none and a higher priority.
E.g.
E.g.
Code: Select all
/ip ipsec policy
add action=none dst-address=172.27.254.0/24 priority=1 src-address=172.27.254.0/24
Re: IPSec Policy multiple Subnets
Thanks nescafe2002,
that was the solution.
Br
Markus
that was the solution.
Br
Markus