Mar 20 2015

Mikrotik IPSec VPNs with multiple destination Networks/Policies and SA(s) management.

While configuring Multiple Networks VPNs (Multiple policy and destination SubNets reached via the same remote IPSec VPN Peer) between Mikrotik and other Firewalls, traffic would randomly stop for certain destinations.

Packet forwarding and encryption only works for one destination (the first matched IPSec Policy) and any other destination (and only the first matched one) will be reachable by performing a ‘SA Flush’.

Continue reading