Hello everyone
I have a problem to assign the IPsec over GRE between two Route OS, between two router I have GRE tunnel and have a Public IP in each Router.
From Router A I can ping the Router B local network and in the Router B I can ping Router A local network.
But when I config the IPsec peer and policy I can’t ping from Router A to the Router B local network and Router B to Router A local network.
This is my configuration on my routers.
Router A
Public IP: 1.1.1.1
GRE interface IP: 172.16.1.1/30
Local Network: 192.168.1.1/24
IP Nat
chain=srcnat action=accept src-address=192.168.2.0/24 dst-address=192.168.0.0/16
chain=srcnat action=masquerade
IPsec peer
address=1.1.1.1/32 port=500 auth-method=pre-shared-key secret=“test”
generate-policy=no exchange-mode=main send-initial-contact=yes
nat-traversal=no my-id-user-fqdn=“” proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=2m dpd-maximum-failures=5
/IPsec policy
src-address=1.1.1.2/32 src-port=any dst-address=1.1.1.1/32
dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp
tunnel=no sa-src-address=1.1.1.2 sa-dst-address=1.1.1.1
proposal=default priority=0
Router B
Public IP: 1.1.1.2
GRE interface IP: 172.16.1.2/30
Local Network: 192.168.2.1/24
IP Nat
chain=srcnat action=accept src-address=192.168.3.0/24 dst-address=192.168.0.0/16
chain=srcnat action=masquerade
IPsec peer
address=1.1.1.2/32 port=500 auth-method=pre-shared-key secret=“test”
generate-policy=no exchange-mode=main send-initial-contact=yes
nat-traversal=no my-id-user-fqdn=“” proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=2m dpd-maximum-failures=5
/IPsec policy
src-address=1.1.1.1/32 src-port=any dst-address=1.1.1.2/32
dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp
tunnel=no sa-src-address=1.1.1.1 sa-dst-address=1.1.1.2
proposal=default priority=0
Please advise me how to encrypt “GRE Tunnel” with IPsec correctly.
Thank you