On Fri, 2011-07-01 at 10:37 -0400, r...@rdlow.com wrote: > Here is the export from the mikrotik
> /ip ipsec policy > add action=encrypt comment="" disabled=no dst-address=172.17.56.0/24:any > ipsec-protocols=\ > esp level=require priority=0 proposal="GT Mikrotik" protocol=all > sa-dst-address=\ > SITE B Public sa-src-address=SITE A PUBLIC > src-address=172.17.49.0/24:any tunnel=yes Try setting the 3 policies to level=unique. If that doesn't work, try level=use. I can't recall for sure, but you MAY have to use level=use on 2 of the 3 and level=require on one. With level=unique, I know for certain you don't need a level=require on any of them. It's been a while since I did this, so my memory of the details are fading. Either way, I'd bet this is your issue. -- ******************************************************************** * Butch Evans * Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ******************************************************************** _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS