Hello,
We have to configure an IPsec tunnel to our customer, who has a Juniper router. All we have are the following parameters.
Is it possible to establish such a tunnel on a cheap router (RB960PGS)?
Kind Regards,
Device Manufacturer Juniper
Model SSG 140
VPN Gateway x.x.x.x
IKE Phase 1
Internet-Key-Exchange-Pro IKEv1
Authentication Method PSK
Diffie-Hellman Group 5
Encryption Algorithm AES-CBC (256 Bits)
Hash-Algorithm SHA2 (256 Bits)
Lifetime IKE Phase 1 28800
Xauthentication Mode Disable
I’m not sure what “Proxy ID Enable” means, but otherwise I don’t see anything clearly not supported by RouterOS. Phase 1 config goes in /ip ipsec peer, phase 2 in /ip ipsec proposal, group names can be found here, then specify what traffic should go via tunnel in /ip ipsec policy, and that should be it.
Hello again,
As you predicted, we have a problem with the proxy ID setting. As the admin of the Juniper said, our side has no proxy ID configured for phase 2.
I am afraid there is no such setting on MikroTik…
I will be happy if someone could shed some light on it.
Unfortunately for you, I don’t know anything about Juniper, but I’m sure somebody else here does. Let’s hope they notice your thread.
But if I had this problem, I’d start with IPSec logs. If you enable “ipsec” topic in System->Logging, you’ll get a lot of logs from IPSec. Go through them and hopefully there will be some hint what’s wrong. I’m wondering if this proxy ID is anything related (or can be influenced by) “My ID” option in RouterOS.
The Juniper should be set up as a policy-based VPN; it seems that they have it set up as route-based, and only partially at that, if the cited config is complete.
I do not believe that it is possible to use IPSec in a route-based configuration unless both endpoints are Juniper devices.
Proxy ID should not be enabled on the Juniper router.
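The layout described in the thread (phase 1 on the peer, phase 2 in a proposal, traffic selection in a policy, plus the ipsec logging topic), written out as an added example that is not from any of the posters. It assumes an older RouterOS 6 release in which the phase 1 settings sit directly on the peer entry, as the reply above describes; the phase 2 algorithms, the subnets, the local address and the secret are placeholders, because the customer sheet quoted here lists only phase 1.

```routeros
# Added example, not from the thread. Values marked PLACEHOLDER are assumptions.

# Phase 1, taken from the customer sheet:
#   IKEv1, PSK, DH group 5 (modp1536), AES-256-CBC, SHA-256, lifetime 28800 s,
#   XAuth disabled (auth-method=pre-shared-key, not an xauth variant).
# exchange-mode=main is an assumption; the sheet does not state main or aggressive.
/ip ipsec peer
add address=x.x.x.x/32 exchange-mode=main auth-method=pre-shared-key \
    secret="PLACEHOLDER-long-random-psk" dh-group=modp1536 \
    enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=8h \
    comment="Juniper SSG 140 phase 1"

# Phase 2: every value here is a PLACEHOLDER until the customer supplies
# the phase 2 sheet. Both ends must agree on all of them.
/ip ipsec proposal
add name=juniper-p2 auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
    pfs-group=modp1536 lifetime=1h

# Policy: src-address/dst-address are the networks RouterOS offers as the
# phase 2 identities, so they must match what the Juniper side expects.
# 192.0.2.0/24 (local), 198.51.100.0/24 (remote) and 203.0.113.10 (own WAN
# address) are constructed documentation addresses.
/ip ipsec policy
add src-address=192.0.2.0/24 dst-address=198.51.100.0/24 \
    sa-src-address=203.0.113.10 sa-dst-address=x.x.x.x \
    tunnel=yes action=encrypt level=require proposal=juniper-p2

# Troubleshooting: log the ipsec topic, then read the negotiation messages
# to see whether phase 1 or phase 2 is the step that gets rejected.
/system logging
add topics=ipsec action=memory
/log print where topics~"ipsec"

# State checks after an attempt: the peer connection and the installed SAs.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
```

If the tunnel completes phase 1 but no SAs are installed, compare the policy networks above with the local and remote networks configured for phase 2 on the Juniper.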