Configuration example for Oracle IPsec; this seems to be a common issue. Add local addresses to each IPsec endpoint and configure the Oracle IPsec side to have similar endpoints (they were optional).

Step-by-step guide

Add local addresses to each IPsec endpoint and configure the Oracle IPsec side to have similar endpoints:

  1. ROS configuration example:

    /interface bridge
    add name=br-oci-ipsec

    /ip address
    ...
    add address=10.34.2.2/30 comment="oracle OCI ipsec - tunnel1" interface=br-oci-ipsec network=10.34.2.0
    add address=10.34.2.6/30 comment="oracle OCI ipsec - tunnel2" interface=br-oci-ipsec network=10.34.2.4

    /ip ipsec policy
    set 0 disabled=yes
    add dst-address=10.34.0.0/16 peer=tunnel-1-vcn-10-34-0-0 src-address=192.168.0.0/16 tunnel=yes # existing config
    add dst-address=10.34.0.0/16 peer=tunnel-2-vcn-10-34-0-0 src-address=192.168.0.0/16 tunnel=yes # existing config
    add dst-address=10.34.2.0/30 peer=tunnel-1-vcn-10-34-0-0 src-address=10.34.2.0/30 tunnel=yes # new
    add dst-address=10.34.2.4/30 peer=tunnel-2-vcn-10-34-0-0 src-address=10.34.2.4/30 tunnel=yes # new


  2. On the Oracle OCI side, configure the corresponding tunnel with the IPv4 inside tunnel interface addresses: CPE 10.34.2.2/30 and Oracle 10.34.2.1/30.
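
A consistency check for the two steps above, as an added example (not part of the original guide and not a MikroTik or Oracle tool): it parses export-style `add` lines, derives the Oracle-side inside address for each local /30, and confirms that a policy with matching `src-address` and `dst-address` exists. The function names are hypothetical, the sample is constructed from the lines in step 1, and the tool assumes Oracle uses the other usable host of each /30.

```python
import ipaddress
import re

# Constructed sample: address and policy lines taken from the guide above.
SAMPLE = """\
/ip address
add address=10.34.2.2/30 comment="oracle OCI ipsec - tunnel1" interface=br-oci-ipsec network=10.34.2.0
add address=10.34.2.6/30 comment="oracle OCI ipsec - tunnel2" interface=br-oci-ipsec network=10.34.2.4
/ip ipsec policy
add dst-address=10.34.0.0/16 peer=tunnel-1-vcn-10-34-0-0 src-address=192.168.0.0/16 tunnel=yes
add dst-address=10.34.2.0/30 peer=tunnel-1-vcn-10-34-0-0 src-address=10.34.2.0/30 tunnel=yes
add dst-address=10.34.2.4/30 peer=tunnel-2-vcn-10-34-0-0 src-address=10.34.2.4/30 tunnel=yes
"""

def parse_export(text):
    """Return {menu path: [{key: value} per 'add' line]} (hypothetical helper)."""
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif menu and line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus.setdefault(menu, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def check_inside_tunnels(text, iface="br-oci-ipsec"):
    """One row per local address on iface: Oracle-side address and policy status."""
    menus = parse_export(text)
    policies = {(p.get("src-address"), p.get("dst-address")): p.get("peer")
                for p in menus.get("/ip ipsec policy", [])}
    rows = []
    for entry in menus.get("/ip address", []):
        if entry.get("interface") != iface:
            continue
        cpe = ipaddress.ip_interface(entry["address"])
        net = cpe.network
        # Assumption: Oracle uses the other usable host of the same subnet.
        others = [h for h in net.hosts() if h != cpe.ip]
        usable = len(others) == 1  # true only for a host address in a /30
        peer = policies.get((str(net), str(net)))  # policy with src == dst == subnet
        rows.append({
            "cpe": str(cpe),
            "oracle": f"{others[0]}/{net.prefixlen}" if usable else None,
            "peer": peer,
            "ok": usable and peer is not None
                  and entry.get("network") == str(net.network_address),
        })
    return rows

if __name__ == "__main__":
    for row in check_inside_tunnels(SAMPLE):
        print(row)
```

A row with `ok` set to `False` means the local address has no policy covering its own /30, or the address is not a usable host of that subnet.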