Hello,
I have task to configure vpn tunnel from mikrotik router to juniper SRX. Mikrotik will have dynamic ip address.
Now I've ended configruation of IPsec Tunnel with static IP on both sides of tunnel. It works fine.
Then I configured with dinamic ip, provider give domain name instead IP address like D4CA6D168723.domain.ru.
Then juniper now have:
set security ike gateway branch-ike-gate dynamic hostname D4CA6D168723.domain.ru
On mikrotik I tested working config with My FQDN = D4CA6D168723.domain.ru, didn't working.
Then I used this config:
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
add auth-algorithms=md5 enc-algorithms=3des name=juniper
/ip ipsec peer
# Unsafe configuration, suggestion to use certificates
add address=srx_address dpd-interval=disable-dpd \
dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=aggressive \
hash-algorithm=md5 lifetime=30m secret=12345
/ip ipsec policy
add comment="dynamic ip" dst-address=172.16.10.0/24 proposal=juniper \
sa-dst-address=srx_address sa-src-address=0.0.0.0 src-address=\
192.168.88.0/24 tunnel=yes
Configs are added to this post.
Tunnel now is down, error in IKE phase1.
Help me please with this task.