Community discussions

MikroTik App
 
aarmstrong
just joined
Topic Author
Posts: 7
Joined: Mon Sep 26, 2011 10:43 pm

changed external IP address, now VPN tunnel won't talk HELP!

Mon Dec 19, 2011 8:49 pm

I changed the external IP address with new network. i can ping the external IP on the new firewall, and if you're on the firewall directly you can access the internet. These are the commands I am running but VPN tunnel won't reconnect. What am I missing? Yes, I've changed on the receiving firewall side....

x.x.x.116/26 is the new external FW IP
x.x.x.137 is the receiving FW on the other side.
*****************
/ip address
add address=x.x.x.116/26 broadcast=x.x.x.127 comment="" disabled=no interface=ether1-gateway network=x.x.x.64

/ip ipsec policy
add action=encrypt disabled=no dst-address=10.1.1.0/24:any ipsec-protocols=esp level=unique priority=0 proposal=default protocol=all sa-dst-address=x.x.x.137 sa-src-address=x.x.x.116 src-address=10.1.43.0/24:any tunnel=yes
add action=encrypt disabled=no dst-address=10.0.0.0/24:any ipsec-protocols=esp level=unique priority=0 proposal=default protocol=all sa-dst-address=x.x.x.137 sa-src-address=x.x.x.116 src-address=10.1.43.0/24:any tunnel=yes
add action=encrypt disabled=no dst-address=10.0.0.0/24:any ipsec-protocols=esp level=unique priority=0 proposal=default protocol=all sa-dst-address=x.x.x.137 sa-src-address=x.x.x.116 src-address=10.2.43.0/24:any tunnel=yes

/ip ipsec peer
add address=x.x.x.137/32:500 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=15 dpd-maximum-failures=3 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=md5 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=xxxxxxx send-initial-contact=yes

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=x.x.x.x.65 scope=30 target-scope=10

Who is online

Users browsing this forum: Egate, erlinden, johnson73 and 67 guests