IPSec mikrotik-mikrotik and DNAT

Hi,

I have two mikrotik routers. One router has a real IP address assigned directly to the router (as usual). The other router doesn’t have a real IP assigned to its interface. Instead of that, the real IP is assigned via DNAT by our ISP. Is it possible to establish an IPSec tunnel for this configuration? I’ve tried but had no luck.

Bump


Try to use the internal IP address in the NAT’ed router’s ipsec policy. You will also need to put accept rules for ipsec traffic before your masquerade rule (if there’s any on the ipsec router).

Something similar is explained here:
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Ipsec.2FL2TP_behind_NAT
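
The advice in the reply above, written out for the NAT'ed router as an added example (not part of the original thread or of the MikroTik wiki). It assumes RouterOS v6 syntax from the era of the linked manual page; every address is a constructed placeholder and the secret is a placeholder too.

```routeros
# Constructed lab values (assumptions, not from the thread):
#   NAT'ed router  LAN 192.168.2.0/24, WAN address 10.10.10.2
#                  (private address; the ISP DNATs the real IP to it)
#   remote router  LAN 192.168.1.0/24, real IP 203.0.113.1

# Peer definition for the remote router. NAT traversal is enabled
# because this router's address is translated by the ISP on the way out.
/ip ipsec peer add address=203.0.113.1/32 auth-method=pre-shared-key \
    secret="REPLACE-WITH-LONG-RANDOM-SECRET" nat-traversal=yes

# Policy: sa-src-address is the INTERNAL address that is actually
# configured on the WAN interface, not the real IP the ISP maps to it.
/ip ipsec policy add src-address=192.168.2.0/24 dst-address=192.168.1.0/24 \
    sa-src-address=10.10.10.2 sa-dst-address=203.0.113.1 \
    tunnel=yes action=encrypt

# Exempt LAN-to-LAN traffic from source NAT. The rule has to sit above
# the masquerade rule, otherwise packets are rewritten first and no
# longer match the policy selectors above.
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=192.168.2.0/24 dst-address=192.168.1.0/24

# Checks after bringing the tunnel up:
#   /ip firewall nat print          (accept rule listed before masquerade)
#   /ip ipsec installed-sa print    (one SA per direction is present)
```

On the router with the directly assigned real IP, the peer address and `sa-dst-address` would be the real IP that the ISP forwards to the NAT'ed router.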