Hi,
I’m struggling a bit with configuring an IPsec tunnel with dynamic IP on one site. So my setup is:
Mikrotik (192.168.79.0/24 / static WAN-IP) ↔ LTE-Router (192.168.83.0/24, dynamic WAN-IP)
So I tried to set up the Mikrotik with a template policy as follows:
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=3des generate-policy=port-override hash-algorithm=md5 passive=yes secret=1234567890
/ip ipsec policy
add dst-address=192.168.79.0/24 group=ZWA src-address=192.168.83.0/24 template=yes
On the LTE-Router on the other side I don’t have many options. Just to set up phase1 and 2 parameters plus remote-IP, remote-subnet, PSK, aggressive or main-mode.
What I can see on the Mikrotik log is an incoming phase1 packet, which is retransmitted several times. After a few retries I got an error saying “phase1 negotiation failed due to time up”. I don’t think the firewall on Mikrotik or the LTE-Router are misconfigured as I have other IPsec tunnels working on each of the devices.
As this isn’t a classic road-warrior setup I can’t use IKE-config modes (I found tutorials for that). So it is supposed to be a site-to-site tunnel.
Any ideas?
Thx