New IPsec and Routing

Did you create a SA between the Networks and the new ipsec tunnel?

So called did you insert all RED and all other networks of the other IPsec tunnels into local network of the new Remote network? 

Hi,

Created and now are UP with Red devices but no traffic  from Mikrotik to XG and then the IPsec tunnel to AWS.

For example:

traceroute 172.30.0.201 (AWS machine)

traceroute to 172.30.0.201 (172.30.0.201), 64 hops max, 52 byte packets

1  192.168.150.254 (192.168.150.254)  3.328 ms  0.800 ms  0.671 ms  Mikrotik Router

2  192.168.157.70 (192.168.157.70)  32.428 ms  33.017 ms  32.858 ms XG Cluster

3  * * *

4  * * *

5  * * *

6  * * *

7  * * *

8  * * *

9  * * *

10  * * *

11  * * *

any idea?

regards

Hi,

Created and now are UP with Red devices but no traffic  from Mikrotik to XG and then the IPsec tunnel to AWS.

For example:

traceroute 172.30.0.201 (AWS machine)

traceroute to 172.30.0.201 (172.30.0.201), 64 hops max, 52 byte packets

1  192.168.150.254 (192.168.150.254)  3.328 ms  0.800 ms  0.671 ms  Mikrotik Router

2  192.168.157.70 (192.168.157.70)  32.428 ms  33.017 ms  32.858 ms XG Cluster

3  * * *

4  * * *

5  * * *

6  * * *

7  * * *

8  * * *

9  * * *

10  * * *

11  * * *

any idea?

regards

Any idea?

I am not quite sure, if i understand your setup.

Basically IPsec is a Policy Based Routing.

XG will setup the routes for you to all IPsec Networks. The Routes will match Local and Remote Subnet. Basically you need a Firewall rule to allow this traffic regardless of the route.

RED will not create a Route for you. It is a Route based VPN. You need to create a Static or Policy Based Route for this traffic and also create a Firewall rule. 

Hi,

This firewall rule can be created using GUI or shell? and how?

Regards

Firewall Rules are created via GUI and are normal Firewall Policies in both scenarios.