I am attempting to create an IPSec VPN tunnel from my Routerboard to a Juniper SSG. I am unable to get the tunnel to connect at all. It would be preferable to have a numbered interface for the tunnel because I will need to add 5 or more routes to route through this interface. Here is my current config:
[delmar@gw1.delmar] /ip ipsec> export
# apr/10/2010 01:08:13 by RouterOS 4.6
# software id = Z56K-SU07
#
# Phase 2 (IPsec SA) proposal referenced by the policy below via proposal=default.
# NOTE(review): md5, 3des and modp1024 are legacy choices; prefer stronger
# algorithms and a larger DH group where both devices support them. Whatever is
# set here has to match the phase 2 proposal on the Juniper SSG (not shown).
/ip ipsec proposal
set default auth-algorithms=md5 comment="" disabled=no enc-algorithms=3des lifetime=1h name=default pfs-group=modp1024
# Phase 1 (IKE) peer definition for the remote gateway 206.xxx.xxx.185, UDP port 500.
# NOTE(review): this entry is exported with disabled=yes, so as shown the peer is
# inactive -- confirm it is enabled before debugging anything else.
# NOTE(review): exchange-mode=main with a pre-shared key, hash md5, 3des and
# dh-group=modp1024 must match the SSG's phase 1 settings; the same weak-algorithm
# caveat as for the proposal applies.
# dpd-interval=disable-dpd turns dead peer detection off, so a dead remote end is
# not detected by DPD.
# generate-policy=no means the policy is not generated from the peer's proposal;
# the static policy further down is what is used.
# The pre-shared key (secret=) is redacted in this post; keep it out of shared
# exports and pastes.
/ip ipsec peer
add address=206.xxx.xxx.185/32:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=yes dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=md5 lifebytes=471859200 lifetime=1d nat-traversal=yes proposal-check=obey secret=\
xxxxxxxxx send-initial-contact=yes
# Static policy: encrypt (ESP, tunnel mode) traffic from 172.16.31.0/27 to
# 172.16.16.0/22 between sa-src-address and sa-dst-address; level=require.
# Traffic is selected by these src-address/dst-address values, so further remote
# networks would presumably each need their own policy entry -- verify against the
# SSG's proxy-id / policy configuration.
# NOTE(review): sa-src-address is presumably this router's public address on the
# PPPoE link -- confirm it is the address the SSG expects as the peer.
/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=172.16.16.0/22:any ipsec-protocols=esp level=require priority=0 proposal=default protocol=all \
sa-dst-address=206.xxx.xxx.185 sa-src-address=216.xxx.xxx.82 src-address=172.16.31.0/27:any tunnel=yes
0 ;;; Source NAT to HNS
chain=srcnat action=accept src-address=172.16.31.0/27 dst-address=172.16.16.0/22 out-interface=PPPoE
1 chain=dstnat action=accept src-address=172.16.16.0/22 dst-address=172.16.31.0/27 in-interface=PPPoE
Does anyone have any suggestions???
Thanks