Hello, I'm searching for some advice on a problem. I have to make a VPN connection to a Cisco router from my RB450 (IPsec). The problem is that they only give me 2 public IPs (one for phase 1 and the other for phase 2) but no private network IP (a NAT bypass problem, I think), so how should I proceed? Thanks.
This question is not specific enough to be given an answer.
Sounds like you need general IPsec assistance.
If you managed to get it to work, please paste the configuration on both sides here so others can learn from it; remove any passwords and private IPs.
Let's say I have to connect to a server with 2 pairs of public IPs.
Client 200.10.10.33 ↔ Server 190.11.11.50 (for peer connection)
Client 200.10.11.20 ↔ Server 190.11.12.40 (for ED)
My client-side config is something like this:
/ip ipsec peer
# peer address must match the sa-dst-address of the policy below
add address=190.11.11.50 port=500 auth-method=pre-shared-key secret="test"
/ip ipsec policy
# traffic selector is the second address pair; the SA is built between the first pair
add src-address=200.10.11.20 src-port=any dst-address=190.11.12.40 dst-port=any sa-src-address=200.10.10.33 sa-dst-address=190.11.11.50 tunnel=yes action=encrypt proposal=default
/ip firewall nat
# NAT bypass: keep the policy traffic out of masquerade so the selector still matches
add chain=srcnat action=accept place-before=0 src-address=200.10.11.20 dst-address=190.11.12.40
I have one interface for both addresses 200.10.10.33 and 200.10.11.20, which are masqueraded.
When I telnet to 190.11.12.40 I can see phase 1 and 2 established, but I can't reach 190.11.12.40 if I ping it.
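An added consistency check (not code from the thread) for a client-side config of this shape: it parses RouterOS-style `add key=value` lines, honours `place-before`, and flags a peer address that does not match the policy's sa-dst-address or a srcnat bypass that is missing or sits below a masquerade rule. The sample config, the `ether1` interface and the deliberate peer/sa-dst-address mismatch are constructed for the example.

```python
import shlex

# Constructed sample in RouterOS export syntax (assumed), modelled on the
# client-side config above. The peer address deliberately differs from
# sa-dst-address, and the NAT bypass relies on place-before=0 to sit
# above an existing masquerade rule.
SAMPLE = """
/ip ipsec peer
add address=190.11.1.50 port=500 auth-method=pre-shared-key secret="test"
/ip ipsec policy
add src-address=200.10.11.20 src-port=any dst-address=190.11.12.40 dst-port=any sa-src-address=200.10.10.33 sa-dst-address=190.11.11.50 tunnel=yes action=encrypt proposal=default
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
add chain=srcnat action=accept place-before=0 src-address=200.10.11.20 dst-address=190.11.12.40
"""

def parse(text):
    """Return {menu: [rule, ...]} with place-before=N applied to the rule order."""
    cfg, menu = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            menu = line
            cfg.setdefault(menu, [])
        elif line.startswith("add ") and menu is not None:
            rule = dict(tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            pos = int(rule.pop("place-before", len(cfg[menu])))
            cfg[menu].insert(pos, rule)
    return cfg

def check(cfg):
    """Cross-check peer, policy and srcnat bypass; return a list of findings."""
    findings = []
    peers = {p.get("address") for p in cfg.get("/ip ipsec peer", [])}
    srcnat = [r for r in cfg.get("/ip firewall nat", []) if r.get("chain") == "srcnat"]
    for pol in cfg.get("/ip ipsec policy", []):
        sa_dst = pol.get("sa-dst-address")
        if pol.get("tunnel") == "yes" and sa_dst not in peers:
            findings.append(f"no peer for sa-dst-address {sa_dst}; configured peers: {sorted(peers)}")
        # srcnat runs before the IPsec policy lookup, so the accept rule for the
        # selector must sit above any masquerade rule; otherwise the rewritten
        # source no longer matches src-address and the traffic is sent unencrypted.
        bypass = next((i for i, r in enumerate(srcnat) if r.get("action") == "accept"
                       and r.get("src-address") == pol.get("src-address")
                       and r.get("dst-address") == pol.get("dst-address")), None)
        masq = next((i for i, r in enumerate(srcnat) if r.get("action") == "masquerade"), None)
        if bypass is None:
            findings.append(f"no srcnat accept rule for {pol.get('src-address')} -> {pol.get('dst-address')}")
        elif masq is not None and masq < bypass:
            findings.append("srcnat bypass rule is placed below the masquerade rule")
    return findings

def findings_for(text):
    return check(parse(text))

if __name__ == "__main__":
    print("\n".join(findings_for(SAMPLE)) or "no findings")
```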