edc
just joined
Topic Author
Posts: 6
Joined: Sat Mar 15, 2014 3:32 pm

Ipsec and Amazon EC2

Sat Mar 15, 2014 3:35 pm

I have an RB750GL running MikroTik 6.10. Before this firmware it was 5.7, with the same problem.
An IPsec tunnel is set up to Amazon EC2.
Several times a day the connection drops; the only thing that helps is clearing the Installed SAs.
Can this be fixed somehow, or is it a feature of IPsec on MikroTik?
One could make a script that clears the certificates when the connection is broken, but the machines on Amazon are turned off and there is nothing to ping.
 
jollis
just joined
Posts: 4
Joined: Wed Jun 15, 2011 2:38 am

Re: Ipsec and Amazon EC2

Fri Mar 21, 2014 1:04 am

What's the destination firewall manufacturer? I have issues between MikroTik and Microsoft ISA: it just stops communicating and I have to reset the peer to make it work again. Note that ALL vendors have IPsec issues connecting to other vendors, because some follow the RFC standard and some don't.

You could add the following to your scripts and then set the scheduler to run it every hour.
/ip ipsec remote-peers kill-connections
 
stmx38
Long time Member
Posts: 617
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Ipsec and Amazon EC2

Fri Mar 21, 2014 10:16 am

We use this workaround:

Script: dmz-monitor-ipsec-peer-and-flush-installed-sa

:local IPWatchServer 10.0.1.1
:local OutInterface ether1-lan
:if ([/ping interface=$OutInterface $IPWatchServer count=4]<3) do={
    /ip ipsec installed-sa flush sa-type=all
    :log info "IPSEC tunnel with DMZ is down: Flushing Installed SA !!!"
} else={
    # :log info "IPSEC tunnel with DMZ is OK !"
}

And we run it every minute.
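
An added example, not part of the thread and not any poster's own script: a variant of the watchdog above that flushes only after several consecutive failed checks, because `sa-type=all` removes every installed SA on the router and a single lossy minute would otherwise reset all tunnels. The global name `ipsecWatchFails` and the threshold of 3 are assumptions; the watch address and interface are the ones used in the script above.

```routeros
# Debounced IPsec watchdog (illustrative; run from the scheduler every minute).
# Assumed names: ipsecWatchFails (global counter), failLimit (threshold).
:global ipsecWatchFails
:local IPWatchServer 10.0.1.1
:local OutInterface ether1-lan
:local failLimit 3

# A global that has never been set has type "nothing"; start counting at 0.
:if ([:typeof $ipsecWatchFails] = "nothing") do={
    :set ipsecWatchFails 0
}

# /ping returns the number of replies received out of count=4.
:local replies [/ping interface=$OutInterface $IPWatchServer count=4]

:if ($replies < 3) do={
    :set ipsecWatchFails ($ipsecWatchFails + 1)
    :log warning ("IPsec watchdog: check failed, consecutive failures = " . $ipsecWatchFails)
    # Flush only when the failure has persisted across failLimit runs.
    :if ($ipsecWatchFails >= $failLimit) do={
        /ip ipsec installed-sa flush sa-type=all
        :log warning "IPsec watchdog: flushed installed SAs"
        :set ipsecWatchFails 0
    }
} else={
    # Any successful check resets the counter.
    :set ipsecWatchFails 0
}
```

With a one-minute schedule this delays recovery by up to three minutes, and the warning entries give a record of how often the tunnel actually stalls.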
