IPsec issues

Hi guys

I have some issues with IPsec. I am on the latest version, 6.41. We have a tunnel set up between the MikroTik and a Check Point firewall. The IPsec tunnel is established. I can reach the company that is using the Check Point firewall, but they cannot reach me for some reason. I can ping, SSH, and RDP to their servers, but they cannot do the same from their end to me.

In the logs we are seeing a lot of these errors: "peer sent packet for dead phase 2" and "failed to pre-process ph2 packet".

Any idea?

You forgot to include your configuration and description of the network.
But it probably is an error in the policy definition and/or a problem with firewall or NAT.

Hi, I will most likely get the config info by tomorrow. But what do you mean by the last line? Is this something you have come across before? I currently have src-nat rules in place for the two networks, but will look at posting the config soon.

You need to carefully decide what IP ranges are used on each side and what NAT translations are to be done for internet traffic, and not for traffic between sites.
It is usually much simpler to get things working OK when using a GRE/IPsec tunnel plus some routes, instead of a plain IPsec tunnel.

Issue is resolved. I have split the /16 subnet into smaller subnets or /24, and now traffic works both ways.