Reaching out for some help with a Mikrotik that is the main internet-facing gateway and has another router behind it (which is a Draytek) that is trying to accept and establish an IPSEC VPN tunnel to another remote Draytek. I have a dstnat to dstnat rule in place to the Draytek’s WAN IP (which is obviously a local IP from the Mikrotik network), which is working. The ports that were opened on the Draytek are still open and still reach through to the Draytek as intended.
But what else is required in order for IPSEC to establish a tunnel between these two Drayteks when my Mikrotik is feeding one of them internet? I have tried manually forwarding the IPSEC ports to the Draytek’s WAN IP with no luck (though I can see traffic on the firewall rule for 500).
Two Drayteks are establishing a VPN, yes? So one of them is behind my Mikrotik and the other isn’t, yes? So the one behind my Mikrotik is configured to allow dial-in IPSEC connections and they are not working. Well, it turns out the Mikrotik was configured correctly but there was an issue with the Draytek’s VPN setting when it was on Aggressive mode rather than Main mode. It’s working for in and out sessions now. I just thought maybe the Mikrotik was ignoring the DMZ/port forwarding for IPSEC traffic and trying to handle it on its own.
I had already done this and it wasn’t working, but it actually turns out it was the Draytek. The VPN type was set on Aggressive mode rather than Main mode and it didn’t like being behind a NAT on Aggressive mode, so the IT guy switched it to Main mode and it’s now working!
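For reference, here is what a complete RouterOS passthrough set for an IPsec peer sitting behind the MikroTik looks like (an added example written for this thread, not the poster's own config). It assumes the MikroTik's WAN port is ether1 and the Draytek's WAN address on the MikroTik LAN is 192.168.88.2; both are assumptions.

```routeros
# Added example, not config from the thread. Assumptions: MikroTik WAN port is
# ether1, the Draytek's "WAN" address on the MikroTik LAN is 192.168.88.2.
/ip firewall nat
# IKE (phase 1 negotiation) runs over UDP 500
add chain=dstnat in-interface=ether1 protocol=udp dst-port=500 \
    action=dst-nat to-addresses=192.168.88.2 comment="IKE -> Draytek"
# NAT-Traversal: once both peers detect a NAT in the path, IKE and the
# encapsulated ESP traffic move to UDP 4500
add chain=dstnat in-interface=ether1 protocol=udp dst-port=4500 \
    action=dst-nat to-addresses=192.168.88.2 comment="NAT-T -> Draytek"
# Plain ESP (IP protocol 50) for peers that do not negotiate NAT-T; ESP has
# no port, so the rule matches on protocol only
add chain=dstnat in-interface=ether1 protocol=ipsec-esp \
    action=dst-nat to-addresses=192.168.88.2 comment="ESP -> Draytek"
# Outbound side: the Draytek's own IKE/ESP towards the remote peer needs
# source NAT like any other LAN traffic
add chain=srcnat out-interface=ether1 action=masquerade

/ip firewall filter
# dst-nat is applied in prerouting, before the router's own input chain, so
# forwarded IKE/ESP packets never reach the MikroTik's IPsec stack; they only
# need to be accepted in the forward chain. Keep these rules above any
# "drop everything from WAN" rule in the forward chain.
add chain=forward connection-state=new connection-nat-state=dstnat \
    in-interface=ether1 action=accept comment="allow forwarded IPsec"
add chain=forward connection-state=established,related action=accept

# Check that each rule is actually matching while the peer tries to connect:
# the packet/byte counters on the dstnat rules should increase for 500 and,
# after NAT detection, for 4500 (or for ESP if NAT-T is not in use).
/ip firewall nat print stats
```

If only the UDP 500 counter moves and 4500/ESP stay at zero, phase 1 is being attempted but phase 2 traffic is not arriving, which points at the peers' IPsec settings rather than the MikroTik forwarding.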