Dear Forum,
The following IPSec example on the Mikrotik wiki does not work.
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
http://wiki.mikrotik.com/wiki/File:Site-to-site-ipsec-example.png
After having configured the peers, policy and NAT rules as specified in the above wiki example, configuring and enabling the NTP clients on both routers (the wiki specifies that time should be synchronized on both routers in order for the IPSec tunnel to be created) and inserting a router in the middle to simulate the Internet (to route between the 192.168.90.0/24 and 192.168.80.0/24 subnets), I cannot get the Office1 and Office2 routers to establish an SA (security association).
There are no firewall rules present on any of the three routers (the two routers depicted in the example and the router I have inserted to simulate the Internet).
My set-up looks like this:
Office1 router <—> Router which simulates the Internet <—> Office2 router
The router that simulates the Internet has the following interfaces:
ether1=192.168.90.2/24 (connected to Office1 router’s ether1 interface)
ether2=192.168.80.2/24 (connected to Office2 router’s ether1 interface)
I am able to ping from 192.168.90.1/24 to 192.168.80.1/24.
Can someone help me with the necessary corrections to the wiki example’s configuration?
Thanks in advance.
Best regards,
Holger Christen Ølholm