You are on page 1of 1

/ip ipsec peer

add address=202.79.24.203/32 port=500 auth-method=pre-shared-key secret="test"


add address=192.168.159.10/32 port=500 auth-method=pre-shared-key secret="test"
/ip ipsec policy
add src-address=192.168.2.0/24 src-port=any dst-address=192.168.1.0/24 dst-port=
any \
sa-src-address=202.79.24.204 sa-dst-address=202.79.24.203 \
tunnel=yes action=encrypt proposal=default
add src-address=192.168.2.0/24 src-port=any dst-address=192.168.1.0/24 dst-port=
any \
sa-src-address=202.79.24.204 sa-dst-address=192.168.159.10 \
tunnel=yes action=encrypt proposal=default
add src-address=192.168.2.0/24 src-port=any dst-address=192.168.1.0/24 dst-port=
any \
sa-src-address=192.168.159.20 sa-dst-address=192.168.159.10 \
tunnel=yes action=encrypt proposal=default
add src-address=192.168.2.0/24 src-port=any dst-address=192.168.1.0/24 dst-port=
any \
sa-src-address=192.168.159.20 sa-dst-address=202.79.24.203 \
tunnel=yes action=encrypt proposal=default
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=192.168.2.0/24 dst-address=192.168.1.0/24

You might also like