IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Hello, I’m pretty new to the Mikrotik routers, but fell instantly in love with the crazy amount of configuration you can do for such a low cost.

I am currently trying to set up a VPN IPSec site-to-site connection between a Mikrotik RB750 and a Cisco RVS4000 small business router we have set up in our lab.
The RVS4000 doesn’t give me many configuration options, so I’m having to make my Mikrotik conform to the Cisco.

Here are the settings I’m using on the Cisco RVS4000





Here is the Policy setting on the RB750





Here is the peer setup




Here is the proposal setup




I believe I have everything set right but the routers are not talking. If anyone can point out what might be wrong I would appreciate it.

I have read that there are some issues keeping links with Cisco routers going with IPsec. I’m not that concerned with that since this is just for a SIP phone test setup.

Dear,

In Cisco, you have configured Phase-2 authentication-3DES and encryption-SHA1, but in Mikrotik, at the proposal (Phase-2), you have used Auth-MD5 and Encry-3DES.

Second thing: try to change the IPsec protocol to “ESP” in the Policy on the Mikrotik; Cisco’s default IPsec protocol is ESP.

Okay, changed the Mikrotik to “ESP”, and phase 1 and phase 2 are using MD5 for auth and 3DES for enc.
Link is still down.

Have you flushed the SAs?

And can you show the snapshot again?

Okay so update on the IPSEC between my RB750 to Cisco RVS4000:
So I found Greg Sowell’s video tutorials on MikroTik routers, and specifically IPSec between Mikrotik to Mikrotik and Mikrotik to some more advanced Cisco equipment than my RVS4000.
http://gregsowell.com/?p=1290
Here is the link

The first problem I was having was that I was not sending any interesting traffic across the VPN tunnel, so nothing was showing up in the SA table.
So I started sending a ping across the link from one of my internal LAN ports, not my WAN, on the Mikrotik.

Also, I had Comcast change out my router, give me a static IP address, and turn off the DHCP server on their router/modem combo while doing all this. This threw a huge wrench into what I was doing and I had to find this http://forum.mikrotik.com/viewtopic.php?f=13&t=44407 thread on how to set up static WAN IP addresses on my Mikrotik.
I’m still having some issues with this. My WAN port works fine to get to the web and my VPN, but my LAN ports get timeouts. I think something is wrong with my firewall or NAT settings.

I changed the DH encryption bit rate to modp 1024 for both Phase 1 and Phase 2. Set both to 3DES and MD5 for phase 1 and phase 2. Ensured the RVS4000 had the same settings and once I did my pings caused the VPN to go live.

So for anyone else having problems: make sure you have a ping going while you’re setting up the VPN connection, from a Mikrotik local port to a local address on the other side.
Also make sure all the settings match on the Mikrotik and the RVS4000, and it should work.
If you watch Greg Sowell’s video on VPN he also suggests adding a SRCNAT rule to your IP → firewall → NAT. You want to set any local DHCP mikrotik traffic going to the local dhcp addresses on the other side of your VPN to be set to action Accept.
Example source 192.168.1.0/24 dest 192.168.20.0/24 action set to accept, and then move it to the top of the list.
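
Why the accept rule has to be moved to the top, as an added example that is not part of the original posts: a small Python model of first-match srcnat evaluation followed by the IPsec policy check. The two LAN subnets are the ones quoted above; the WAN address, the host addresses and the masquerade rule are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets come from the post; WAN address and masquerade rule are constructed
# (documentation ranges), standing in for a typical "NAT everything" rule.
LOCAL_LAN = ip_network("192.168.1.0/24")
REMOTE_LAN = ip_network("192.168.20.0/24")
WAN_ADDR = ip_address("198.51.100.10")
ANY = ip_network("0.0.0.0/0")

MASQUERADE = {"src": LOCAL_LAN, "dst": ANY, "action": "masquerade"}
VPN_ACCEPT = {"src": LOCAL_LAN, "dst": REMOTE_LAN, "action": "accept"}


def srcnat(chain, src, dst):
    """Walk the srcnat chain top-down; the first matching rule decides."""
    for rule in chain:
        if src in rule["src"] and dst in rule["dst"]:
            if rule["action"] == "masquerade":
                return WAN_ADDR  # source rewritten to the WAN address
            return src           # accept: packet leaves the chain untouched
    return src                   # no rule matched


def enters_tunnel(chain, src, dst):
    """The IPsec policy is matched after srcnat, on the translated source."""
    src_after_nat = srcnat(chain, ip_address(src), ip_address(dst))
    return src_after_nat in LOCAL_LAN and ip_address(dst) in REMOTE_LAN


def report(chain, src="192.168.1.50", dst="192.168.20.5"):
    hit = enters_tunnel(chain, src, dst)
    state = "matches IPsec policy" if hit else "misses IPsec policy"
    return f"{src} -> {dst}: {state}"


if __name__ == "__main__":
    # Accept rule below masquerade: the source becomes the WAN address first.
    print("accept below masquerade:", report([MASQUERADE, VPN_ACCEPT]))
    # Accept rule on top: LAN source survives and the policy selector matches.
    print("accept on top:          ", report([VPN_ACCEPT, MASQUERADE]))
    # Ordinary internet traffic is still masqueraded with the rule on top.
    print("internet traffic:       ", report([VPN_ACCEPT, MASQUERADE], dst="203.0.113.7"))
```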

Update with howto create a connection, means tunnel up: http://forum.mikrotik.com/t/linksys-cisco-rvs4000-vpn/52953/2