On Sun, 2016-07-03 at 14:03 +1000, Mike Everest wrote:
> Apologies for not answering your question directly
No apology necessary - others may well be interested in how to talk to AWS with a MikroTik. MikroTik could help by permitting multiple IPsec policies to cover the same ranges, but apparently that's remained a bug (or a limitation at best) since at least 2011 :-(
> I've received previous reports that one effective way to achieve what I assume to be your objective here is to build a RouterOS VM inside your AWS cloud, so that all you need is one public address to land on it; then you have all of the RouterOS VPN capabilities you need at both ends.
Not quite what I'm aiming for. I'm trying to use a MikroTik as the local end of an AWS Hardware VPN. See this link for what I'm talking about:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

Basically you can extend your network directly into AWS - in my case into a VPC that has no public IP addresses at all (except on the outside of a VPG of course). And no NAT.

I'll go cogitate on the rest of your answer (re routes) now.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)   work +61 2 64957435
http://www.nullarbor.com.au          mobile +61 428 957160
GPG fingerprint: 6D59 8AE6 810D 44E3 7626 7040 4DD6 F89F 3053 4774
Old fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB