Hi there,
I am currently setting up some IPsec tunnels. On the central side I have two WAN connections: one connection with a static address without NAT, and the second one with LTE (behind NAT). Failover etc. is working.
But what I can't get working is the IPsec site-to-site with the static address. If the central side and the client side are behind NAT, everything works perfectly. But if I switch back to the static address on the central side, the policy gets established but no traffic goes through the tunnel.
I’m not very experienced with Mikrotik but I have set up some IPsec tunnels and would be glad to help.
I didn't get where your router is in all this central side thing, but anyway, behind the router with the static address, you still have a private address network where you want to deliver traffic, isn't it? So since you are not routing to the internet with the private address, you are actually behind NAT.
Hi,
Thanks for your answer, but I think I found the problem. It looks like the IPsec ESP protocol gets blocked between both devices. On the client side I tried to enforce NAT-T and now it works over UDP 4500.
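
A small check for the symptom in this thread (policy established, no traffic, until NAT-T carries ESP over UDP 4500), as an added example that is not part of the original posts: it classifies raw IPv4 packets captured inbound on the WAN interface using the RFC 3948 framing. The function names are hypothetical, and the addresses and packet bytes are constructed sample data.

```python
import struct
from collections import Counter

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet by how it carries IPsec traffic."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 50:                          # ESP directly on top of IP
        return "esp-native"
    if proto != 17 or ihl < 20 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]
    if 500 in (sport, dport):                # plain IKE
        return "ike"
    if 4500 not in (sport, dport):
        return "other"
    if data == b"\xff":                      # NAT-keepalive: single 0xFF byte
        return "natt-keepalive"
    if data[:4] == b"\x00\x00\x00\x00":      # non-ESP marker: IKE on 4500
        return "ike-natt"
    return "esp-in-udp" if len(data) >= 8 else "other"  # non-zero SPI first

def diagnose(inbound) -> str:
    """Summarise what arrived; 'inbound' is an iterable of raw packets."""
    seen = Counter(classify(p) for p in inbound)
    if not (seen["ike"] or seen["ike-natt"]):
        return "no IKE seen"
    if seen["esp-in-udp"]:
        return "ESP arriving inside UDP 4500 (NAT-T)"
    if seen["esp-native"]:
        return "native ESP arriving (IP protocol 50)"
    return "IKE arrives but no ESP: protocol 50 is probably filtered on the path"

def ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed header: documentation addresses, checksum left at zero.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([198, 51, 100, 2]),
                       bytes([203, 0, 113, 1])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return ipv4(17, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

# Constructed captures: negotiation only, then the same peer using NAT-T.
BLOCKED_PATH = [udp(500, 500, b"\x11" * 28)]
NATT_PATH = [udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28),
             udp(4500, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x22" * 16),
             udp(4500, 4500, b"\xff")]

if __name__ == "__main__":
    print(diagnose(BLOCKED_PATH))
    print(diagnose(NATT_PATH))
```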