IPSEC + L2TP with two Mikrotik routers - bridging one IP

Hello,

How do I get one IP address of a company LAN securely over an insecure public network? I have configured this like the example in the MikroTik wiki.
http://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_2_Mikrotik_routers

My problem is that I don't want to route between two networks like in the example, but rather to bridge one IP of the company LAN to the internal interface of the VPN client router. I have done this via proxy ARP in the L2TP settings. Without the IPsec part it works great, but I found no way to join the L2TP proxy ARP tunnel with the IPsec tunnel.

I have attached my problem in a draft.

Can anybody show me what I have to change in the example config so that this would work?
Many thanks.
Jürgen
L2TP over IPSEC and proxy arp.jpg

If you are satisfied with L2TP encryption then follow the guide in:
http://wiki.mikrotik.com/wiki/Manual:BCP_bridging_(PPP_tunnel_bridging)

If you need IPSec, add a peer on the VPN concentrator, like:
/ip ipsec peer add address=0.0.0.0/0:500 secret=secureword generate-policy=yes



On the dynamic router:
/ip ipsec peer add address=10.1.1.250/32:500 secret=secureword generate-policy=no

Add the policy with a startup script like:
# if ether1 is the DHCP interface
:global wanaddr [/ip route get value-name=pref-src [find gateway=ether1]]
/ip ipsec policy add action=encrypt comment="" disabled=no dst-address=10.1.1.250/32:1701 \
    ipsec-protocols=esp level=require priority=0 proposal=default protocol=udp \
    sa-dst-address=10.1.1.250 sa-src-address="$wanaddr" \
    src-address="$wanaddr/32":1701 tunnel=no


I hope this will help you
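
A check for the configuration in the answer above, as an added example that is not part of the original posts or of MikroTik's tooling: it parses the /ip ipsec commands and reports whether L2TP (UDP 1701) to the concentrator is actually forced through the encrypt policy, and whether the peer relies on a short pre-shared key. The WAN address 192.0.2.10, the 20-character key minimum and the finding names are assumptions made for the example.

```python
import shlex

MIN_PSK_LEN = 20  # assumed local policy, not a RouterOS limit

# Constructed sample: the dynamic-router commands from the answer above, with
# $wanaddr replaced by a made-up WAN address. The trailing backslashes join the
# policy into one line inside this Python string.
CLIENT = """
/ip ipsec peer add address=10.1.1.250/32:500 secret=secureword generate-policy=no
/ip ipsec policy add action=encrypt dst-address=10.1.1.250/32:1701 \
ipsec-protocols=esp level=require protocol=udp sa-dst-address=10.1.1.250 \
sa-src-address=192.0.2.10 src-address=192.0.2.10/32:1701 tunnel=no
"""

def parse(config):
    """Yield (menu, properties) for each '/ip ipsec <menu> add ...' line."""
    for line in config.splitlines():
        words = shlex.split(line)
        if words[:2] == ["/ip", "ipsec"] and "add" in words:
            at = words.index("add")
            props = dict(w.split("=", 1) for w in words[at + 1:] if "=" in w)
            yield words[at - 1], props

def host_port(selector):
    """Split the 'address/prefix:port' selector form used in this thread."""
    net, _, port = selector.partition(":")
    return net.split("/")[0], port

def audit(config, concentrator, is_client=True):
    """Return a sorted list of finding codes for one router's IPsec commands."""
    findings, covered = set(), False
    for menu, p in parse(config):
        if menu == "peer":
            if len(p.get("secret", "")) < MIN_PSK_LEN:
                findings.add("short-psk")
            wildcard = host_port(p.get("address", ""))[0] == "0.0.0.0"
            if wildcard and p.get("generate-policy") == "yes":
                # any host holding the secret can negotiate its own policy
                findings.add("wildcard-peer-psk-only")
        elif (menu == "policy" and p.get("protocol") == "udp"
              and host_port(p.get("dst-address", "")) == (concentrator, "1701")):
            # level=require drops L2TP packets until an SA exists
            if p.get("action") == "encrypt" and p.get("level") == "require":
                covered = True
            else:
                findings.add("l2tp-policy-not-enforced")
    if is_client and not covered:
        findings.add("l2tp-not-covered")  # L2TP would leave without ESP
    return sorted(findings)
```

Run audit() with is_client=False on the concentrator's commands, since its policies are generated at negotiation time and are not present in the configuration.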