Mikrotik to Cisco IPSec VPN

azurtem · September 30, 2015, 5:58am

Hi

I replaced a customers Cisco ASA 5505 with a CCR1009

There were three IPSec VPN links which I implemented on the CCR1009 and everything is working fine

One thing I don’t understand though is how to point to a VPN link

I need to add a route to guide traffic through one of the VPN links to the routeur that is situated at the other end of the VPN link

I tried creating a route indicating the remote router’s local IP address as gateway but the CCR1009 isn’t able to see it

Any ideas ?
thanks
yann

andriys · September 30, 2015, 12:57pm

Classic (policy-based) IPsec does not take routing into account by design. IPsec policy is the only thing that determines which traffic gets encrypted and sent over the tunnel.

azurtem · October 1, 2015, 6:54am

Thanks Andriys
We learn something new everyday

azurtem · October 5, 2015, 11:24am

Actually I still have a querstion regarding this issue

The LANs at either end can communicate with each other successfully

However I am unable to get the Mikrotik router, that is one end of the IPSec VPN tunnel, to route (dstnat) incoming (internet) traffic to the other end of the tunnel ?

thanks
yann

andriys · October 6, 2015, 7:21am

If you still fighting the problem and is in need for help, please post your current config here.

azurtem · October 7, 2015, 7:49am

thanks Andryis

I figured it out : the problem was that the incoming connection didn’t belong to the LAN
therefore I had to create a srcnat rule to change the source address of the incoming connection