IPSEC VPN Behind Nat

bibawa · October 30, 2016, 12:53pm

Dear,

I’m trying to create a IPSEC vpn connection between 2 Mikrotik Devices:

–192.168.100.0/24–MIKROTIK – 185.59.71.2 -------INTERNET ----- ISP MODEM (NAT APPLIED)-- 192.168.15.1 ----192.168.15.252—MIKROTIK — 192.168.16.0/24 —

So as you see one side of the part has a NATTED IP. When I look into the log files during the IPSEC setup I see in the log files “Phase 1 negotionation failed, couldn’t find configuration”

xx bytes messages received from 185.59.71.2[500] to 192.168.15.252[500], so as you see the package is entering the MKT with it’s natted IP as ‘source’.

How do I need to change this? Can I rewrite that natted Ip back to it’s WAN ip ?

with regards,

actrn · October 30, 2016, 4:08pm

try to put your rb client in another Natted Lan and see if work, probably issue with external double nat of client ISP.

blajah · November 1, 2016, 3:39pm

You should try NAT-T or read relevant issue here

http://forum.mikrotik.com/t/ipsec-behind-nat/33047/1