IPSEC TUNNELING CONFIGURATION

Dear All,
I have two networks in two different geographical locations and I want to communicate between the LANs. Can anybody please help me by giving the minimum configuration details to start the communication between the two local LANs?

Router A:
Public Int: 202.65.158.89
Local: 192.168.20.1/24

Router B:
Public Int: 202.153.41.172
Local: 192.168.80.1/24

This is my setup. I am using NATing only, since I want to make communication between the 192.168.20.0/24 and 192.168.80.0/24 networks.

Thanks & Regards
Sam

You can start from here,
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec

Try this:

http://gregsowell.com/?p=787

-tp

Dear All,
Currently I am testing it on 2.9.51 and I want to implement it on version 3 also.
So, will 2.9.51 support IPsec tunnelling?

Thanks & Regards
Sam

2.9.51 is old and out of support. Upgrade, as it’s free.

on 2.9.51 and I want to implement on version 3 also.

Not only is 2.9.51 old, v3 is old too :)

Use v4.10 or v5 beta.

Can't tunnelling work on v3?
I tried hard to configure a tunnel between two MikroTik v3.22.
But I failed.
Please suggest in which version I will be able to configure the tunnel.

The difference between using an old version and a new version is that you will get help when using the new one.

When using old versions, you are on your own.

OK, let me try once more in the newer version, V4.10.

Hi,

# Router A config

/ip ipsec proposal
add auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=\
    30m name=your_proposal_name pfs-group=modp1024
/ip ipsec peer
add address=202.153.41.172/32:500 auth-method=pre-shared-key comment="" \
    dh-group=modp1024 disabled=no dpd-interval=1m dpd-maximum-failures=2 \
    enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=\
    sha1 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=\
    your_secret send-initial-contact=yes
/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=192.168.80.0/24:any \
    ipsec-protocols=esp level=unique priority=0 proposal=your_proposal_name \
    protocol=all sa-dst-address=202.153.41.172 sa-src-address=202.65.158.89 \
    src-address=192.168.20.0/24:any tunnel=yes
/ip firewall nat
add action=accept chain=srcnat comment="IPSec VPN" disabled=no dst-address=\
    192.168.80.0/24 out-interface=WAN src-address=192.168.20.0/24
/ip firewall filter
add action=accept chain=input comment=IPSec-ESP disabled=no dst-port=500 \
    protocol=udp src-port=500
add action=accept chain=input comment=IPSec-ESP disabled=no protocol=\
    ipsec-esp
add action=accept chain=output comment=IPSec-ESP disabled=no protocol=\
    ipsec-esp

# Router B config

/ip ipsec proposal
add auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=\
    30m name=your_proposal_name pfs-group=modp1024
/ip ipsec peer
add address=202.65.158.89/32:500 auth-method=pre-shared-key comment="" \
    dh-group=modp1024 disabled=no dpd-interval=1m dpd-maximum-failures=2 \
    enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=\
    sha1 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=\
    your_secret send-initial-contact=yes
/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=192.168.20.0/24:any \
    ipsec-protocols=esp level=unique priority=0 proposal=your_proposal_name \
    protocol=all sa-dst-address=202.65.158.89 sa-src-address=202.153.41.172 \
    src-address=192.168.80.0/24:any tunnel=yes
/ip firewall nat
add action=accept chain=srcnat comment="IPSec VPN" disabled=no dst-address=\
    192.168.20.0/24 out-interface=WAN src-address=192.168.80.0/24
/ip firewall filter
add action=accept chain=input comment=IPSec-ESP disabled=no dst-port=500 \
    protocol=udp src-port=500
add action=accept chain=input comment=IPSec-ESP disabled=no protocol=\
    ipsec-esp
add action=accept chain=output comment=IPSec-ESP disabled=no protocol=\
    ipsec-esp

Finally, move these NAT rules to position 0.

Hope this helps.

Regards, Grzegorz.
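As an added example (not from this thread or from MikroTik), a small Python check that parses both RouterOS exports and verifies the two sides mirror each other: each peer address is the other side's sa-src-address, the policy subnets and SA endpoints are swapped, phase 1 parameters and the pre-shared secret match, and the srcnat accept rule covers exactly the policy subnets. The embedded configs are trimmed, constructed copies of the ones posted above; the function names parse_export, host and mirror_problems are my own.

```python
import re
# Constructed sample: the essential fields of the two configs posted above,
# kept in RouterOS export form (Router A keeps a "\" line continuation).
ROUTER_A = """\
/ip ipsec peer
add address=202.153.41.172/32:500 dh-group=modp1024 enc-algorithm=3des \\
    exchange-mode=main hash-algorithm=sha1 secret=your_secret
/ip ipsec policy
add dst-address=192.168.80.0/24:any sa-dst-address=202.153.41.172 sa-src-address=202.65.158.89 src-address=192.168.20.0/24:any tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.80.0/24 src-address=192.168.20.0/24
"""
ROUTER_B = """\
/ip ipsec peer
add address=202.65.158.89/32:500 dh-group=modp1024 enc-algorithm=3des exchange-mode=main hash-algorithm=sha1 secret=your_secret
/ip ipsec policy
add dst-address=192.168.20.0/24:any sa-dst-address=202.65.158.89 sa-src-address=202.153.41.172 src-address=192.168.80.0/24:any tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.20.0/24 src-address=192.168.80.0/24
"""

def parse_export(text):
    """Return {section: [rule dict, ...]} parsed from RouterOS export text."""
    joined = re.sub(r"\\\n\s*", "", text)  # fold "\" line continuations
    sections, current = {}, None
    for line in joined.splitlines():
        if line.startswith("/"):  # section header such as "/ip ipsec peer"
            current = sections.setdefault(line.strip(), [])
        elif line.startswith("add ") and current is not None:
            current.append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return sections

def host(addr):  # strip the ":port" / ":any" and "/32" suffixes RouterOS uses
    return addr.split(":")[0].removesuffix("/32")

def mirror_problems(a_text, b_text):
    """Names of the A/B symmetry checks that fail (empty list = consistent)."""
    a, b = parse_export(a_text), parse_export(b_text)
    (pa, ya, na), (pb, yb, nb) = [[c[s][0] for s in ("/ip ipsec peer", "/ip ipsec policy", "/ip firewall nat")] for c in (a, b)]
    checks = {
        "each peer address is the other side's sa-src-address":
            host(pa["address"]) == yb["sa-src-address"] and host(pb["address"]) == ya["sa-src-address"],
        "policy subnets and SA endpoints are swapped": all(ya[k] == yb[m] and ya[m] == yb[k]
            for k, m in (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address"))),
        "phase 1 parameters and pre-shared secret match": all(pa[k] == pb[k]
            for k in ("dh-group", "enc-algorithm", "hash-algorithm", "exchange-mode", "secret")),
        "srcnat accept rule covers exactly the policy subnets": all(n["action"] == "accept"
            and all(host(n[k]) == host(y[k]) for k in ("src-address", "dst-address")) for n, y in ((na, ya), (nb, yb))),
    }
    return [name for name, ok in checks.items() if not ok]
```

Run mirror_problems on the real exports of both routers before the first IKE attempt; a non-empty list points at the side that was not mirrored correctly.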

I will try this one… Thanks.