Basic setup:
Mikrotik at client side creates an IPSec tunnel through their router to our SonicWall.
At the moment we have a configuration of the IPSec that works:
add address=ourpublicIP/32 dpd-interval=disable-dpd enc-algorithm=3des
exchange-mode=aggressive generate-policy=port-strict lifetime=8h my-id=
user-fqdn:our@emailaddress proposal-check=strict secret=oursecret
/ip ipsec policy
add dst-address=internalnetworkrange/24 sa-dst-address=ourpublicIP sa-src-address=
0.0.0.0 src-address=vpnIP/24 tunnel=yes
It generally connects fine, however the recommended SonicWall configuration for IPSec connections (as related to me by Dell) is for both a Peer and Local IKE ID to be presented. This was suggested after we started having a range of between 10-15 VPN drops per day (more than likely ISP related at client side, but told bosses I would chase this end down as well).
As an example, the connection above only works if we have nothing set for the ‘Local IKE ID’ on the SonicWall side.
Is there a way to set a ‘Peer IKE ID’ on the Mikrotik IPSec config, so that we can set the ‘Local IKE ID’ on the SonicWall side?
Got lots of questions about all this as I’m still learning, but really enjoying the Mikrotik experience so far!