I have a hub and spoke VPN design. I have a MT RouterBoard at the spoke side. It gets its IP from the cable provider Via DHCP. Anyone set this up before? I set to aggresive mode and have all necessary parameters to talk to the sonicwall but I need a unique ID to talk to the sonicawall since the routerboard gets a dynamic address. Anyone know where in RouterOS to set the unique Identifier for the VPN tunnel to work?
Question, John Tully - MT support - Does MT work in Aggresive Mode?
If not I will just stop trying.
Thanks,
Jerry
[quote=“jroy”]Question, John Tully - MT support - Does MT work in Aggresive Mode?
You need to send support question to: support@mikrotik.com
John
You can use the following setting:
generate-policy (yes | no; default: no) - allow this peer to establish SA for non-existing policies. Such policies are created dynamically for the lifetime of SA. This way it is possible, for example, to create IPsec secured L2TP tunnels, or any other setup where remote peer’s IP address is not known at configuration time
OK, BUT the MT is the client side that has the dynamic address and the other side (SoicWall) has a static IP. Will this work then?
Can this work? Is there an example?
It depends whether SonicWall has the same feature as MT’s ‘generate-policy’.
BTW, you can use pppoe to MT router from SonicWall and then encrypt pppoe tunnel.