IPSec Issues with ECMP Routing
Posted: Wed Oct 02, 2013 3:00 pm
Hi,
I'm using multiple Gateways in my Default Gateway (ECMP Routing).
There is an IPSec tunnel that connects to a branch location by DynDNS. It should use WAN1 for this.
The Policy is configured with the public IPs of WAN1 and the branch location. Both IPs are entered in the Policy SA Addresses with the Tunnel option.
The Peer is configured with the branch public IP, aggressive mode and PresharedKey. "My Identifier" is the DDNS of WAN1.
Winbox is showing me a remote peer connection between WAN2 and branch location. What's going wrong here?
I tried to set a Mangle rule on all IPSec-ESP Traffic with RoutingMark WAN1, but no packets are matched.
Any idea?
Best Regards,
redflag