How to use multiple IPSec instances with different "Exchange Mode"

Hi all,

I need to run two IPSec peer configurations with different “Exchange Modes” in parallel.

One in “main l2tp” exchange mode for connecting “L2TP over IPSec” clients.
And another one using “main” as Exchange Mode, for default IPSec clients.

It’s generally working when I assign a different IP address to each “IPSec peer”.

Changing the port within the “IPSec peer” configuration isn’t working - according to the wiki this port is only used for outgoing connections.

Is it somehow possible to run both IPSec Peers on the same ip address?

Does anybody have any experience in running IPSec and “L2TP over IPSec” concurrently on a MikroTik router?

Best regards,
seho

Basically I nailed down the base problem - adding another IPSec peer screws up the login of the L2TPoIPSec clients.

Whether the IPSec peer is manually created or dynamic (“Use IPSec” in the “L2TP-Server” button in PPP) doesn’t matter.

I don’t know if it matters here, but the clients are connecting over a VRRP interface provided by the MikroTik.

This behavior is produced using ROS 6.37.2.

Logfiles are attached to this post.

Maybe some of you guys around at MikroTik can have a look at it.

Kind regards,
seho
working.log.0.txt (76.5 KB)
notworking.log.0.txt (94.9 KB)