Mikrotik RB-951G Site to Site IPSec VPN Tunnel Problem : PH2 State No Phase 2

RouterOS General
1

Dear Master,

I have a mikrotik rb 951G-2HnD v6.38.7

First, I trying to build IPSec site to site between Juniper to Mikrotik. The phase 1 and phase 2 up but somehow the traffic can not passthrough on IPSEC Tunnel.

Second, I try to update mikrotik to v6.40.3 (because traffic can not passthrough / ping rto), after the update is succeed I create a new ipsec site to site phase1 and Phase 2 on mikrotik to reconnect to juniper existing SA… But in the Phase 2 i get failed and always failed when i try to re-connect.

Here is bug :

09:29:33 ipsec searching for policy
09:29:33 ipsec policy not found
09:29:33 ipsec failed to get proposal for responder.
09:29:33 ipsec,error (public ip) failed to pre-process ph2 packet

somebody can help me.. where i’m mistake ?

2

paste your actual config ( via /export hide-sensitive)

3

i have an issue with the ipsec, routerOS 6.37.5:

these are the configurations:


/ip ipsec policy
add action=none dst-address=10.10.0.0/24 level=use sa-dst-address=10.200.80.89 sa-src-address=10.181.9.97
src-address=0.0.0.0/0 tunnel=yes
add dst-address=192.168.200.0/24 proposal=lose-256 sa-dst-address=10.200.80.90 sa-src-address=0.0.0.0
src-address=10.10.0.0/24 tunnel=yes
add dst-address=0.0.0.0/0 sa-dst-address=10.200.80.89 sa-src-address=10.181.9.97 src-address=10.10.0.0/24
tunnel=yes

/ip ipsec peer
add address=10.200.80.89/32 auth-method=rsa-signature certificate=subag_10_10.cer_0 dpd-interval=5s
exchange-mode=aggressive remote-certificate=none
add address=10.200.80.90/32 auth-method=rsa-signature certificate=subag_10_10.cer_0 dh-group=modp1536
dpd-interval=5s enc-algorithm=aes-256 remote-certificate=none


/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des lifetime=2h pfs-group=none
add enc-algorithms=aes-256-cbc lifetime=2h name=lose-256 pfs-group=none


when i try to update from 6.37.5 to 6.38.7 the ipsec doesn’t work and change a few parameters.
I tested various configurations but when restart the router this erase it (in version OS 6.38.7)

thanks in advance if you can help me.