Problem with ipsec tunnel

Hi guys!

I got stuck configuring MikroTik's IPsec tunnels.

There are three routers:

  1. First office
    WAN IP 1.1.1.1
    LAN 192.168.1.0/24
    IP-tunnel 10.10.10.2/29

  2. Second office
    WAN IP 2.2.2.2
    LAN 192.168.2.0/24
    IP-tunnel 10.10.10.3/29

  3. VM on the server
    WAN IP 3.3.3.3
    LAN 192.168.10.0/24
    IP-tunnel 10.10.10.1/29

Each router has a static WAN IP.

I did the following:

  1. Created the IP-tunnel interface on each router and assigned the IP address listed above to that interface on each router
  2. I added NAT rules (on the VM, two rules)
  3. I added the route, with the gateway pointing at the external interface (on the VM, two routes)
  4. I added a proposal (on the MikroTiks; on the VM, one for both peers)
  5. I added peers (on the VM, for both offices)
  6. Added an IPsec policy (on the VM, one for both peers)

Looked at Remote Peers and SA, all OK. Enabled IPsec logging.

The problem is the following: in the first office traffic goes in both directions without problems, but in the second office traffic does not go.

According to Packet Sniffer, the MikroTik in the second office does not receive ICMP packets from the server.

What could be the problem?

Check that the src-address and dst-address of installed-sa at both ends show only IP addresses, not ports - this should be the case as you say that all three devices have public IP addresses.

Check that you have permitted protocol ipsec-esp in firewall input rules on the machine where you cannot see incoming traffic.
If it is permitted there, it is possible that the ISP is filtering ESP packets, it seems to be more common than one would expect.
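As an added illustration of the two checks suggested in the reply above (this is not the poster's or the replier's own configuration), here is what they look like on the RouterOS command line on the router that never sees incoming ESP. The WAN interface name ether1 and the rule comments are assumptions.

```routeros
# 1. Installed SAs: src-address and dst-address should be bare public IPs
#    on both ends. A port suffix (e.g. :4500) would mean NAT-T is in use,
#    which should not happen when all three peers have public addresses.
/ip ipsec installed-sa print

# Also confirm the phase 1 peer is actually established
/ip ipsec remote-peers print

# 2. Firewall: the input chain must accept IKE (UDP 500; 4500 only for
#    NAT-T) and the ESP protocol itself. These rules have to sit above any
#    "drop everything else" rule in the input chain, otherwise ESP from the
#    other side is dropped before it reaches IPsec and the sniffer shows
#    nothing being decrypted.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 action=accept \
    comment="IKE / NAT-T (assumed name)"
add chain=input protocol=ipsec-esp action=accept \
    comment="IPsec ESP (assumed name)"
# If they landed below a final drop rule, move them up with
# /ip firewall filter move, so that they are evaluated first.

# 3. If the rules are present but ESP still never arrives, capture only ESP
#    on the WAN interface (ether1 assumed) while pinging from the other
#    side. An empty capture with the SA up points at ESP being filtered
#    upstream, i.e. at the ISP, as the reply suggests.
/tool sniffer quick interface=ether1 ip-protocol=ipsec-esp
```

The capture in step 3 separates the two cases in the reply: packets that show up in the sniffer but never get decrypted indicate a local firewall or SA mismatch, while no ESP on the wire at all means the traffic is lost before it reaches the router.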