ipsec site-to-site azure

bexsup · February 23, 2017, 11:35pm

Hello Experts!
I am trying to create ipsec site-to-site tunnel between Azure and Mikrotik Routerboard (ROS 6.38). VPN status in established, and i can connect to the server in Azure via RDP, but connection is not stable and in the logs on Mikrotik I see the errors:

peer sent packet for dead phase 2;
failed to pre-process ph2 packet.
But if i create ipsec site-to-site tunnel between two Mikrotiks, everything works fine. How to fix this issue? Thanks in advance.

Ape · February 24, 2017, 9:37am

Hi,

could be a DPD (dead peer detection) problem. Can you find out, what values are used by the Azure gateway and set it on your MikroTik?

Regards,
Ape

irico · February 28, 2017, 11:04am

Last week I’m having the same problem with Azure, with a tunnel that has been stable for a long time. For my part I have not made any changes to the configuration or ROS update (6.37.4), so I think it may be an Azure problem.

Ape · March 3, 2017, 3:15pm

Hi,

configure verbose logging on your MikroTik and have a look what’s going on. Without details nobody is able to assist you.

Regards,
Ape