I configured following Setup:
Draytek: Local Subnet 192.168.40.0/24 The WAN IP is dynamic. 217.91.xxx.xxx
IPSEC with PSK
Only Dial Out
Main Mode
MD5/3des
MikroTik Local Subnet 192.168.32.0/24 The WAN IP is static. 77.22.xxx.xxx
[admin@MikroTik] /ip ipsec peer> print
Flags: X - disabled, D - dynamic
0 address=0.0.0.0/0 local-address=0.0.0.0 passive=no port=500 auth-method=pre-shared-key secret=“1234” generate-policy=port-override policy-template-group=default exchange-mode=main send-initial-contact=no nat-traversal=no proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
When the Tunnel is established i can Ping every Client on the Mikrotik Server Side.
[admin@MikroTik] /ip ipsec remote-peers>
0 local-address=77.22.xxx.xxx remote-address=217.91.xxx.xxx state=established side=responder established=14m9s
The Policy 1 is generated by the connection:
[admin@MikroTik] /ip ipsec policy>
0 T * group=default src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes
1 D src-address=217.91.xxx.xxx/32 src-port=any dst-address=192.168.32.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=217.91.xxx.xxx sa-dst-address=77.22.xxx.xxx priority=2
Please Help, whats wrong with this configuration? Hiw can i Tell the Mikrotik to use the IPSEC Tunnel to reach the 192.168.40.0/24 Network?
