RB2011 site to site IPSEC VPN problems

Hi all.

First time doing an IPSEC VPN on a MikroTik, but I do have quite a bit of Cisco and Draytek experience.

Both sites have an RB2011 running 6.34.3 and have an ethernet ISP connection that is doing masquerade NAT.

The IPSEC peer establishes okay and the installed SAs appear when I initiate some interesting traffic.

I can ping from the LAN address of the MikroTiks to each other but nothing else on the same LAN segments.

I followed the guide on here about setting up a VPN. Would appreciate some help. Can post configs etc. if required.

Cheers
Matt.

Try to add a rule in the NAT tab of the IP Firewall, above what is already there, to ALLOW traffic from your local net to the remote network of the IPsec tunnel.

Thanks for your reply.

I have a src nat bypass rule in place for outbound and had to add a firewall rule to permit incoming traffic.

I have the issue now where I can ping from a host to a client and then also in return but only if the VPN is initiated from the host end by interesting traffic. If I attempt to initiate it from the other end I can’t ping.

Is it possible to specify the initiator and responder ends in the config? I can’t see it anywhere.

Cheers
Matt.
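
The NAT bypass and inbound permit rules discussed in this thread, written out as RouterOS commands. This is an added example, not a config posted by anyone in the thread; the two LAN subnets are constructed placeholders, and it assumes at least one rule already exists in each table (as the thread describes) so that `place-before=0` has something to go in front of.

```routeros
# Added example. Subnets are constructed placeholders, not from the thread:
#   site A LAN = 192.168.88.0/24, site B LAN = 192.168.99.0/24
# Commands below are for site A. Site B needs the mirror image
# (src-address and dst-address swapped), otherwise traffic it originates
# is still masqueraded and never matches its IPsec policy.

# 1. NAT bypass: accept (do not translate) LAN-to-LAN traffic.
#    srcnat runs before IPsec policy lookup, so this rule has to be
#    evaluated before the masquerade rule; place-before=0 puts it first.
/ip firewall nat add chain=srcnat action=accept \
    src-address=192.168.88.0/24 dst-address=192.168.99.0/24 \
    place-before=0 comment="IPsec: no NAT towards site B"

# 2. Inbound permit: allow traffic from the remote LAN into the local LAN.
#    ipsec-policy=in,ipsec limits the match to packets that arrived
#    through IPsec, so a cleartext packet from the WAN carrying a
#    192.168.99.x source address does not match this rule.
/ip firewall filter add chain=forward action=accept \
    src-address=192.168.99.0/24 dst-address=192.168.88.0/24 \
    ipsec-policy=in,ipsec place-before=0 \
    comment="IPsec: allow site B LAN in"

# 3. Check rule order, policies and SAs after sending test traffic.
/ip firewall nat print
/ip firewall filter print
/ip ipsec policy print
/ip ipsec installed-sa print
```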