Hi,
I have a problem with IPsec on a MikroTik 532A.
My configuration on the MikroTik is:
ip ipsec peer
Flags: X - disabled
0 address=199.165.99.208/29:500 auth-method=pre-shared-key
    secret="alcasysalcasysalcasys" generate-policy=no exchange-mode=main
    send-initial-contact=yes nat-traversal=no proposal-check=obey
    hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1536 lifetime=8h
    lifebytes=0 dpd-interval=disable-dpd dpd-maximum-failures=1
proposal
1 name="alcasys" auth-algorithms=sha1 enc-algorithms=3des lifetime=8h
    pfs-group=modp1536
policy
0 src-address=199.165.99.208/29:any dst-address=199.165.53.32/28:any
    protocol=all action=encrypt level=use ipsec-protocols=esp tunnel=yes
    sa-src-address=199.165.99.211 sa-dst-address=199.165.99.212
    proposal=alcasys manual-sa=none priority=0
freeswan config is:
conn alcasys
    keyexchange=ike
    auth=esp
    authby=secret
    esp=3des-sha1
    ike=3des-sha1-modp1536
    pfs=yes
    compress=no
    left=199.165.99.212
    leftsubnet=199.165.99.208/29
    right=199.165.99.211
    rightsubnet=199.165.53.32/28
    keyingtries=0
    keylife=28800
    ikelifetime=28800
    auto=add
…
Phase 1 is ok but Phase 2 is not correct.
Remote peer in mikrotik:
PH2 act 0
PH2 tot 0
in left corner - established
Any advice?
Thanks a lot.
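
When Phase 1 completes but no Phase 2 SA appears, one thing to compare is which subnet each peer places behind each tunnel endpoint. The script below is an added example, not part of the original post: it takes the policy and conn values copied from the post and lists the endpoints where the two configurations disagree. The function names are made up for this illustration.

```python
import ipaddress

# Values copied from the post: RouterOS policy 0 and the freeswan "conn alcasys".
ROUTEROS_POLICY = """src-address=199.165.99.208/29:any dst-address=199.165.53.32/28:any
sa-src-address=199.165.99.211 sa-dst-address=199.165.99.212"""
FREESWAN_CONN = """left=199.165.99.212
leftsubnet=199.165.99.208/29
right=199.165.99.211
rightsubnet=199.165.53.32/28"""


def kv(text):
    """Parse whitespace-separated key=value tokens into a dict."""
    return dict(tok.split("=", 1) for tok in text.split())


def net(value):
    """Turn '199.165.99.208/29:any' or '199.165.99.208/29' into an ip_network."""
    return ipaddress.ip_network(value.split(":")[0])


def routeros_view(policy_text):
    """Map each tunnel endpoint to the subnet the RouterOS policy places behind it."""
    p = kv(policy_text)
    return {p["sa-src-address"]: net(p["src-address"]),
            p["sa-dst-address"]: net(p["dst-address"])}


def freeswan_view(conn_text):
    """Map each tunnel endpoint to the subnet the freeswan conn places behind it."""
    c = kv(conn_text)
    return {c["left"]: net(c["leftsubnet"]), c["right"]: net(c["rightsubnet"])}


def selector_mismatches(policy_text, conn_text):
    """Return (endpoint, routeros_subnet, freeswan_subnet) where the sides disagree."""
    ros, fsw = routeros_view(policy_text), freeswan_view(conn_text)
    out = []
    for endpoint in sorted(set(ros) | set(fsw)):
        if ros.get(endpoint) != fsw.get(endpoint):
            out.append((endpoint, str(ros.get(endpoint)), str(fsw.get(endpoint))))
    return out


if __name__ == "__main__":
    for endpoint, ros, fsw in selector_mismatches(ROUTEROS_POLICY, FREESWAN_CONN):
        print(f"{endpoint}: RouterOS puts {ros} behind it, freeswan puts {fsw}")
```

With the posted values both endpoints are reported: the RouterOS policy places 199.165.99.208/29 behind 199.165.99.211, while the freeswan conn places 199.165.53.32/28 behind that same address.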