Mikrotik
isour, 2019-07-07 09:58:56

How to write mikrotik firewall rules for site to site?

There are two Mikrotiks, one in the main branch, the other in a remote one.
They were connected to each other via L2TP; UDP, TCP and ICMP were allowed in the rules, i.e. I specified the necessary addresses in src-address and dst-address and also set the in- and out-interface to the one my L2TP connection was on; everything worked and everything was safe (probably).
The remote and main networks worked through NAT.
It was necessary to remove NAT and remake this connection as site-to-site (IPsec tunnel); everything also works and there are no problems. But in the firewall rules, in the place where I specified the L2TP connection, I now have to specify my WAN connection (specifically my PPPoE connection to the provider), and this seems not very safe.
Well, actually the question is: how to properly configure the firewall in the case of an ipsec tunnel?

1 answer(s)
Viktor Belsky, 2019-07-07
@Belyj

Use the IPsec policy matcher, on the Advanced->IPsec policy tab, to indicate that the traffic has travelled through the tunnel and falls under one of the encryption policies.
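To show what that matcher looks like next to the interface-based rule the question describes, here is an added RouterOS CLI example for the main-branch router (my own illustration, not the answerer's or MikroTik's configuration). It assumes a main LAN of 192.168.10.0/24, a remote LAN of 192.168.20.0/24, pppoe-out1 as the WAN interface and a placeholder for the remote peer's public address.

```routeros
# Added example, main-branch router. Assumed: main LAN 192.168.10.0/24,
# remote LAN 192.168.20.0/24, WAN interface pppoe-out1 (all constructed).

# Weak form (what the question describes): once the tunnel is IPsec, the
# site-to-site rule has to name the WAN interface, so any cleartext packet
# arriving on pppoe-out1 with a forged remote-LAN source address matches it.
# /ip firewall filter add chain=forward in-interface=pppoe-out1 \
#     src-address=192.168.20.0/24 dst-address=192.168.10.0/24 action=accept

# Corrected form: match on the IPsec policy instead of the interface.
# ipsec-policy=in,ipsec only matches packets that were just decrypted by an
# IPsec policy; cleartext traffic on the WAN with the same addresses cannot
# match, whichever interface it came in on. Decrypted packets still carry
# in-interface=pppoe-out1, so these accepts must sit above the WAN drop.
/ip firewall filter
add chain=forward ipsec-policy=in,ipsec \
    src-address=192.168.20.0/24 dst-address=192.168.10.0/24 \
    action=accept comment="site-to-site: decrypted traffic from remote LAN"
add chain=forward ipsec-policy=out,ipsec \
    src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    action=accept comment="site-to-site: traffic about to be encrypted"
add chain=forward in-interface=pppoe-out1 connection-state=new \
    action=drop comment="drop all other new connections from WAN"

# The IKE/ESP exchange itself must still reach the router (input chain),
# limited to the remote peer's public address (placeholder).
add chain=input protocol=udp dst-port=500,4500 \
    src-address=<REMOTE_PEER_PUBLIC_IP> action=accept comment="IKE / NAT-T"
add chain=input protocol=ipsec-esp \
    src-address=<REMOTE_PEER_PUBLIC_IP> action=accept comment="ESP"

# NAT: keep tunnel traffic out of masquerade so both sites see real
# addresses. place-before=0 puts this rule above the existing masquerade.
/ip firewall nat
add chain=srcnat ipsec-policy=out,ipsec action=accept place-before=0 \
    comment="bypass srcnat for traffic that will be encrypted"
```

The mirror-image rules (LAN subnets swapped) go on the remote router; with these in place the WAN interface no longer appears in any accept rule for LAN-to-LAN traffic.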
