I’m trying to do an IPsec tunnel with a Nortel Contivity which is operating in the responder role.
The Mikrotik is on a semi-dynamic IP address. Haven’t seen it change in a few months…but it could.
I can get the tunnel working if I specify the Initiator ID (on the Contivity) as the public IP of my Mikrotik, but obviously that isn’t ideal.
I believe this behavior is determined by the “exchange mode” on the IPsec peer mode. I’m not sure if any of the other values (currently using Main) will allow a different value to be send. I’d prefer to send some kind of username (or static value).
Thanks for any help
Scott
Hi,
I am using Nortel Contivity IPSec tunnel to Mikrotik …
So far, i am able to create peer to peer branch office tunnels.
Can you enlighten me how to use Contivity as the responder and MK as the initiator ?
And my current peer to peer connection is always on demand. Can MK create a “nail up” tunnel so that its awlays up even when theres no traffic ?
Thanks
bump…anyone ?
MK IPSec configuration manual has too little info. Anyone can help ?
When I read up on this (reading the IPSec RFCs) it sounded like having the remote end specify an initiator ID was frowned upon as it presented a security problem.
In your case…what if you had the MT generate traffic to keep the tunnel up. That should keep the remote end up…and with the same IP address.
Good luck.
Scott