Hi
1st situation.
I create IPsec between points A1 (Windows 2012 R2 server, my domain) and B1 (PC). I want to add the PC from point B1 to my domain. Everything works and is super. No problems.
2nd situation.
I create IPsec between points A2 (Windows 2016 server, my domain) and B2 (PC). I want to add the PC from point B2 to my domain. And here the problems start. I can ping every device at point B2 from A2 and every device at point A2 from B2. I can open a "Remote desktop" session to the server from point B2 to A2. But I can't add the PC from point B2 to the server, and I can't open a share name from B2 to point A2.
My firewall config:
```
# jun/06/2018 11:01:29 by RouterOS 6.42.1
# software id = KZ7C-L4YN
#
# model = CCR1016-12G
# serial number = 52A20459244C
/ip firewall filter
add action=drop chain=input connection-state=invalid
add action=drop chain=input disabled=yes dst-port=53 in-interface=public2 protocol=tcp
add action=drop chain=input disabled=yes dst-port=53 in-interface=public2 protocol=udp
add action=accept chain=input comment="KC Ipsec" in-interface=public2 protocol=tcp src-address=80.232.253.102
add action=accept chain=input comment="Ipsec test" protocol=udp src-port=1701,500,4500
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
# in/out-interface matcher not possible when interface (local5) is slave - use master instead (bridge-dati)
add action=accept chain=input in-interface=local5 src-address=192.168.0.0/24
add action=accept chain=input comment="VoIP telefonu piekluve" log=yes log-prefix=telefoni src-address=95.130.35.101
# p2p matcher is obsolete please use layer7 matcher instead
add action=log chain=forward log=yes log-prefix=torent p2p=all-p2p
add action=accept chain=input comment="VoIP 5060" dst-address=80.232.208.39 dst-port=5060 protocol=udp src-address=212.70.182.229 src-port=5060
add action=accept chain=input comment=VoIP dst-address=80.232.208.39 port=10000-20000 protocol=udp src-address=212.70.182.229
add action=accept chain=output comment=VoIP dst-address=212.70.182.229 dst-port=88 protocol=tcp src-address=80.232.208.39
add action=drop chain=forward comment="Drop Blaster Worm-Virus-Block" dst-port=135-139 protocol=tcp
add action=drop chain=forward comment="Drop Blaster Worm--Virus-Block" dst-port=135-139 protocol=udp
add action=drop chain=forward comment="Drop Blaster Worm" dst-port=445 protocol=udp
add action=drop chain=forward comment="Drop Blaster Worm--Virus-Block" dst-port=445 protocol=tcp
add action=drop chain=forward comment="Viruss Block" dst-port=593 protocol=tcp
add action=drop chain=forward comment="Viruss Block" dst-port=1024-1030 protocol=tcp
add action=drop chain=forward comment="Viruss Block" dst-port=1080 protocol=tcp
add action=drop chain=forward comment="Viruss Block" dst-port=1214 protocol=tcp
add action=drop chain=forward comment="VoIP trafic block" dst-address=172.16.7.0/24 protocol=icmp src-address=192.168.0.0/24
add action=drop chain=forward comment="VoIP trafic block" dst-address=192.168.0.0/24 protocol=icmp src-address=172.16.7.0/24
add action=drop chain=forward comment="VoIP block" dst-address=172.16.7.0/24 protocol=tcp src-address=192.168.0.0/24
add action=drop chain=forward comment="Block trafic" dst-address=192.168.0.0/24 protocol=tcp src-address=172.16.7.0/24
add action=drop chain=forward comment="VoIP block" dst-address=172.16.7.0/24 protocol=udp src-address=192.168.0.0/24
add action=drop chain=forward comment="VoIP block" dst-address=192.168.0.0/24 protocol=udp src-address=172.16.7.0/24
add action=log chain=forward disabled=yes log=yes log-prefix=torent p2p=all-p2p
add action=drop chain=output dst-address=172.16.7.0/24 protocol=icmp src-address=192.168.0.0/24
add action=drop chain=input
add action=drop chain=forward dst-address=192.168.0.0/24 src-address=10.1.5.0/24
/ip firewall nat
add action=accept chain=srcnat comment=test dst-address=10.5.5.0/24 src-address=192.168.0.0/24
add action=dst-nat chain=dstnat dst-address=80.232.208.36 dst-port=80 protocol=tcp to-addresses=10.10.0.102 to-ports=80
add action=src-nat chain=srcnat dst-address=10.10.0.0/24 src-address=192.168.0.0/24 to-addresses=10.10.0.1
add action=src-nat chain=srcnat comment="LAN uz internet 80.232.208.38" dst-address=0.0.0.0/0 log-prefix=srcnat src-address=192.168.0.0/24 to-addresses=80.232.208.38
add action=src-nat chain=srcnat comment="VoIP uz internetu." src-address=172.16.7.0/24 to-addresses=80.232.208.39
add action=src-nat chain=srcnat comment="testam uz 80.232.208.34" disabled=yes out-interface=public2 src-address=10.10.0.103 to-addresses=80.232.208.34
add action=src-nat chain=srcnat comment="Muzikas skola un ... iziet uz internetu ar 37. adresi" dst-address=0.0.0.0/0 src-address=10.1.0.0/16 to-addresses=80.232.208.37
add action=src-nat chain=srcnat comment="10.10.0.0 t'ikls uz 80.232.208.36" src-address=10.10.0.0/24 to-addresses=80.232.208.36
add action=src-nat chain=srcnat comment="VLAN - z'ales publiskais internets uz adersi 80.232.208.34" dst-address=0.0.0.0/0 src-address=172.20.0.0/24 to-addresses=80.232.208.34
add action=dst-nat chain=dstnat dst-address=80.232.208.36 dst-port=443 protocol=tcp to-addresses=10.10.0.102 to-ports=443
add action=dst-nat chain=dstnat dst-address=80.232.208.36 dst-port=993 protocol=tcp to-addresses=10.10.0.102 to-ports=993
add action=dst-nat chain=dstnat dst-address=80.232.208.36 dst-port=143 protocol=tcp to-addresses=10.10.0.102 to-ports=143
add action=dst-nat chain=dstnat comment=DNS dst-address=80.232.208.35 dst-port=53 protocol=udp to-addresses=10.10.0.105 to-ports=53
add action=dst-nat chain=dstnat comment=DNS dst-address=80.232.208.35 dst-port=53 protocol=tcp to-addresses=10.10.0.105 to-ports=53
add action=dst-nat chain=dstnat dst-address=80.232.208.35 dst-port=80 protocol=tcp to-addresses=10.10.0.104 to-ports=80
add action=dst-nat chain=dstnat dst-address=80.232.208.35 dst-port=443 protocol=tcp to-addresses=10.10.0.104 to-ports=443
add action=dst-nat chain=dstnat comment=RemootDesktop dst-address=80.232.208.40 dst-port=3389 protocol=tcp to-addresses=192.168.0.201 to-ports=3389
add action=dst-nat chain=dstnat comment=Zonde dst-address=80.232.208.39 dst-port=1233 log-prefix=zonde protocol=tcp to-addresses=192.168.0.201 to-ports=1233
add action=dst-nat chain=dstnat comment="Zonde, test DNS islaicigi" disabled=yes dst-address=80.232.208.39 dst-port=22 log-prefix=zonde protocol=tcp to-addresses=10.10.0.165 to-ports=22
add action=dst-nat chain=dstnat dst-address=80.232.208.45 to-addresses=10.10.0.131
add action=dst-nat chain=dstnat comment="tic web" dst-address=80.232.208.42 dst-port=22 protocol=tcp to-addresses=10.10.0.135 to-ports=22
add action=dst-nat chain=dstnat comment="tic web" dst-address=80.232.208.42 dst-port=80 protocol=tcp to-addresses=10.10.0.135 to-ports=80
add action=dst-nat chain=dstnat comment="tic web" dst-address=80.232.208.42 dst-port=443 protocol=tcp to-addresses=10.10.0.135 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-address=80.232.208.42 dst-port=21 protocol=tcp to-addresses=10.10.0.136 to-ports=21
```
Any suggestions?
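One check worth running against an export like the one above: the forward chain drops TCP 135-139 and TCP/UDP 445 with no source or destination address qualifier, and in RouterOS packets decrypted from an IPsec tunnel pass through the forward chain like any other forwarded traffic, while RDP (3389) and ICMP are untouched by those rules. A domain join and SMB share access use exactly those ports (RPC endpoint mapper 135, NetBIOS 137-139, SMB 445, plus Kerberos 88 and LDAP 389). The script below is an added example, not part of the original post and not RouterOS code: it parses a RouterOS export (the `add key=value ...` form shown above, `#` lines ignored) and lists every enabled forward-chain drop rule whose protocol and destination ports overlap a constructed domain-join port list, flagging rules that carry no address restriction at all. The `SAMPLE_EXPORT` is a constructed excerpt modelled on the post's rules.

```python
"""Audit a RouterOS firewall export for forward-chain drop rules that would
catch the ports a Windows domain join / SMB share access uses.

Hypothetical helper written for this thread; it is not RouterOS code and
assumes the export format shown in the post (`add key=value ...` lines,
quoted values allowed, '#' comment and section-header lines ignored).
"""
import shlex

# Ports used by an AD domain join and SMB share browsing (constructed list):
# Kerberos, RPC endpoint mapper, NetBIOS name/datagram/session, LDAP, SMB.
DOMAIN_JOIN_PORTS = {
    "tcp": {88, 135, 137, 138, 139, 389, 445},
    "udp": {88, 137, 138, 389},
}

# Constructed excerpt modelled on the post's export (rule set shortened).
SAMPLE_EXPORT = """\
# jun/06/2018 11:01:29 by RouterOS 6.42.1
/ip firewall filter
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="Ipsec test" protocol=udp src-port=1701,500,4500
add action=drop chain=forward comment="Drop Blaster Worm-Virus-Block" dst-port=135-139 protocol=tcp
add action=drop chain=forward comment="Drop Blaster Worm" dst-port=445 protocol=udp
add action=drop chain=forward comment="Drop Blaster Worm--Virus-Block" dst-port=445 protocol=tcp
add action=drop chain=forward comment="Viruss Block" dst-port=593 protocol=tcp
add action=drop chain=forward comment="VoIP block" dst-address=172.16.7.0/24 protocol=tcp src-address=192.168.0.0/24
add action=drop chain=input
"""


def parse_export(text):
    """Return one dict per `add ...` line, keyed by RouterOS property name."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("add "):
            continue  # '#' comments, '/ip firewall filter' headers, blank lines
        rule = {}
        for token in shlex.split(line[4:]):  # shlex keeps quoted comments intact
            key, sep, value = token.partition("=")
            rule[key] = value if sep else True  # bare flags become True
        rules.append(rule)
    return rules


def expand_ports(spec):
    """Expand a RouterOS port list such as '135-139' or '1701,500,4500' into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        hi = hi or lo
        ports.update(range(int(lo), int(hi) + 1))
    return ports


def blocking_rules(rules, ports=DOMAIN_JOIN_PORTS):
    """Enabled forward-chain drop rules whose protocol/dst-port overlap `ports`.

    A rule with neither src-address nor dst-address applies to every forwarded
    packet, including traffic that arrived through an IPsec tunnel, so it is
    reported as 'unrestricted'.
    """
    hits = []
    for r in rules:
        if r.get("chain") != "forward" or r.get("action") != "drop":
            continue
        if r.get("disabled") == "yes":
            continue
        proto = r.get("protocol")
        if proto not in ports:
            continue
        if "dst-port" in r:
            matched = expand_ports(r["dst-port"]) & ports[proto]
        else:
            matched = set(ports[proto])  # no port filter: catches all of them
        if not matched:
            continue
        hits.append({
            "protocol": proto,
            "ports": sorted(matched),
            "unrestricted": "src-address" not in r and "dst-address" not in r,
            "comment": r.get("comment", ""),
        })
    return hits


if __name__ == "__main__":
    for hit in blocking_rules(parse_export(SAMPLE_EXPORT)):
        scope = "ANY src/dst" if hit["unrestricted"] else "address-restricted"
        print(f"{hit['protocol']:3} {hit['ports']} {scope:19} {hit['comment']!r}")
```

Run it against a full `/export` instead of the sample and any rule reported as `ANY src/dst` is one that also applies to traffic arriving from the tunnel. If such a drop rule is meant for the Internet-facing side only, RouterOS lets an accept rule be scoped to decrypted tunnel traffic with the `ipsec-policy=in,ipsec` matcher placed above the drop, which keeps the worm-blocking rules for everything else.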