On Sun, 2016-07-03 at 16:50 +1000, Karl Auer wrote:
I'll try it out myself on my test AWS VPN, but did you have to make both changes, or would either do? And did you have to alter the IPsec protocol on the other end as well? If the second answer is "yes" then it won't work, as there is no way to alter the AWS end. It is what it is.
Tried it out; using a supernet worked on its own. Changing the IPsec protocol prevented either of the policies from being flagged "invalid", but did not actually work.

I wondered if I could fiddle with the IP protocols to make the policies "different" enough for RouterOS to let them co-exist. I tried it with three separate policies (for UDP, TCP and ICMP), but it didn't seem to work, though no policies were flagged "invalid".

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)        work +61 2 64957435
http://www.nullarbor.com.au               mobile +61 428 957160

GPG fingerprint: 6D59 8AE6 810D 44E3 7626 7040 4DD6 F89F 3053 4774
Old fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB