Azure ipsec - annoying error

Hi to all :slight_smile:

I made an IPsec connection to Azure and I have status connected, but in the log I see:
May/14/2016 15:15:10 ipsec,error phase1 negotiation failed due to time up myip[500]<=>azureip[500] 615c08b4a0e53ff7:0d6bad74a14394f8
In remote peer I see two connections; one connection disappears after the error.

https://zapodaj.net/6e9f480d92657.jpg.html
and more specifically “side:responder”

When I connected to Azure by RDP, my session was interrupted every few minutes, but only for a few seconds.
I don't know if these are related to each other.

my firewall filter:
add chain=input protocol=ipsec-esp
add chain=input connection-state=new dst-port=500 protocol=udp
add chain=forward dst-address=10.0.14.0/24 src-address=10.0.0.0/22
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-mark=!ipsec connection-state=established,related
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="TELNET FTP SSH Bruteforce Filter" dst-port=21-23 protocol=tcp src-address-list=blacklist-address
add action=add-src-to-address-list address-list=blacklist-address address-list-timeout=1d chain=input connection-state=new dst-port=21-23 protocol=tcp src-address-list=stage-3
add action=add-src-to-address-list address-list=stage-3 address-list-timeout=1m chain=input connection-state=new dst-port=21-23 protocol=tcp src-address-list=stage-2
add action=add-src-to-address-list address-list=stage-2 address-list-timeout=1m chain=input connection-state=new dst-port=21-23 protocol=tcp src-address-list=stage-1
add action=add-src-to-address-list address-list=stage-1 address-list-timeout=1m chain=input connection-state=new dst-port=21-23 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1

my nat:
add chain=srcnat dst-address=10.0.0.0/22 src-address=10.0.14.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1


Do you have any ideas how to get rid of this phase 1 error?

I'm very sorry for my English, but I have no one to "train" this language with :slight_smile: and I forgot a lot :wink:

Please, anyone? :slight_smile:
If you need any additional info or you have any idea what I can do, please answer in this topic :slight_smile:
Maybe someone who has a fully working connection between MikroTik and Azure can share their settings? :slight_smile: