Hello world,
I’m a new forum user, sorry for my bad English. I have a problem setting up a VPN connection between my office (A) and my client's office (B). Office A uses a Mikrotik RB1100 while Office B uses a Watchguard XTM.
The topology is something like this:
Local PC (192.168.x.x)--------Mikrotik RB1100(123.231.xx.xx)----Cloud Internet-----Watchguard XTM (180.250.xx.xx)-------Local PC(180.250.xx.xx)
The problem is that the connection is established and Office B can successfully ping my local computer, but Office A cannot ping local Office B. I have read in the Manual IPSec Configuration that IPSec must have Bypass NAT. But when I apply bypass NAT on my RB1100, my local PC cannot ping the WAN IP of the Watchguard XTM (180.250.xx.xx). Before I applied Bypass NAT, I could ping the WAN IP 180.250.xx.xx.
Here is my Installed SA:
[xxxxx@xxxxxxxxx] > ip ipsec installed-sa pr
Flags: A - AH, E - ESP, P - pfs
0 E spi=0xFC9C98B src-address=180.250.xx.xx dst-address=123.231.xx.xx auth-algorithm=sha1 enc-algorithm=aes
replay=4 state=mature auth-key="9eedd3582f9ba2ce2e26cfb19e41d1f9828865ba"
enc-key="7aaf3063796856656687821e68c563bbe550c591c75740dd46b07f210d3a51c7" add-lifetime=6h24m/8h
use-lifetime=0s/0s lifebytes=0/0
1 E spi=0x66C6AB3A src-address=123.231.xx.xx dst-address=180.250.xx.xx auth-algorithm=sha1 enc-algorithm=aes
replay=4 state=mature auth-key="389c66628716f163a24fb8b495e59d565c586166"
enc-key="d2a00d16783053eda8e94365735c0cc28f9108ad110f87508043e496a94dab8c" add-lifetime=6h24m/8h
use-lifetime=0s/0s lifebytes=0/0
So, how can I successfully ping local Office B while the IPSec connection between Office A and Office B is established?