Community discussions

MUM Europe 2020

Search found 9 matches

by Argon
Tue Dec 03, 2019 5:07 pm
Forum: Forwarding Protocols
Topic: Azure IPSEC tunel with BGP
Replies: 4
Views: 1048

Re: Azure IPSEC tunel with BGP

I spent a couple of sleepless nights trying to make IPIP work with Azure gateway, and no success. Would appreciate if you find a way to make it work...

As i found, the issue with Azure Gateway is it requires Tunnel mode and does not work in transport IPsec mode.
by Argon
Tue Dec 03, 2019 3:11 pm
Forum: Forwarding Protocols
Topic: Azure IPSEC tunel with BGP
Replies: 4
Views: 1048

Re: Azure IPSEC tunel with BGP

To have fully functional BGP over IPSec tunnel, you need the support of Route-based IPSec, or as others called it VTI. With VTI, you have a dedicated interface for IPSec tunnel, and policy is set to allow any to any within this tunnel, and then you manage your traffic on the route level, instead of ...
by Argon
Mon Oct 30, 2017 1:16 pm
Forum: General
Topic: Firewall filter rules to allow incoming IPSec packets - are they really needed?
Replies: 4
Views: 1649

Firewall filter rules to allow incoming IPSec packets - are they really needed?

I always thought I need to open incoming ports like UDP500, UDP4500 and ESP protocol to allow IPsec tunnels to work. I'm configuring a new router now, latest RouterOS, default configuration, just configured IPsec peers and policies... And see what tunnels are working without any additional filter ru...
by Argon
Thu Oct 27, 2016 1:13 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82807

Re: Feature Req: IKEv2 server and client

Please provide the ETA for ROS v7. IKEv2 is critically needed.
by Argon
Sun Nov 29, 2015 11:18 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82807

Re: Feature Req: IKEv2 server and client

+1

IKEv2 is necessary to connect local net to Azure with dynamic routing. I hoped to recommend my customers Mikrotik, but 3 years past, it not supports IKEv2.
by Argon
Fri Apr 11, 2014 6:37 pm
Forum: General
Topic: Routing between two IPSec Tunnels
Replies: 4
Views: 1104

Re: Routing between two IPSec Tunnels

Is it possible to crate policies for communication between 1 and 3? Yes, it's possible. I've tried to enable Generate Policy feture in IPsec Peers options. Don't use "Generate policy" option here, it is not needed in your case. I remember myself replying to a similar question some time ago. Have a ...
by Argon
Fri Apr 11, 2014 1:22 pm
Forum: General
Topic: Routing between two IPSec Tunnels
Replies: 4
Views: 1104

Routing between two IPSec Tunnels

I have a setup like this Network 1 <IPSEC TUNNEL> Network 2 <IPSEC TUNNEL> Network 3 RB750GL is in network 2. I can communicate between Net 1 and Net 2, Net 2 and Net 3. But no communication between Net 1 and Net 3? Is it possible to crate policies for communication between 1 and 3? I've tried to en...
by Argon
Mon Mar 26, 2012 12:22 pm
Forum: General
Topic: SSTP VPN, need to pass HTTPS traffic to external webserver
Replies: 1
Views: 574

SSTP VPN, need to pass HTTPS traffic to external webserver

Microsoft HTTP listener and TMG are able to multipleх SSTP and HTTPS connections, so one socket IP:443 with single certificate can be used to listen to SSTP connections and service HTTPS Web requests. TMG can even publish another sites with listener used for SSTP. Is RouterOS able to multiplex SSTP ...