remote end of ipsec tunnel not responding

azurtem · October 29, 2014, 9:46pm

Hi

I have just setup an ipsec tunnel between and RB951G and a Cisco ASA 5505
SHA hash algo and 3DES encryption

I followed the following presentation: http://wiki.mikrotik.com/wiki/MikroTik_router_to_CISCO_PIX_Firewall_IPSEC

The tunnel seems to be up, I have SAs for both directions, though only
one has current bytes (RB => Cisco) and the info appearing in the ipsec
log seems pretty positive

I have pinged a host that is present on the remote LAN, but get I
no response, it just times’out

What I can’t figure out is how do my packets know how to get to the remote LAN ?
I haven’t created a explicit route; only the ipsec policy knows of the association
between our two LANs
I don’t know how I would create such a route because I don’t have an ‘ipsec’
interface to point to

any ideas
thanks
yann

azurtem · October 30, 2014, 10:16am

Two things:

I had wrongly indicated my ADSL modem’s WAN IP address as SA source, and not my routers WAN IP address.
Even though I had created two rules to open ports 500 and 4500, the Orange Livebox wasn’t allowing the VPN to properly setup - I used my second uplink instead which is connected to a CCR1009 and all is well - the VPN is up and running. Sweet

thanks
yann

NB
In fact it wasn’t necessary to create a route to direct traffic from one LAN to the other on the Mikrotik
I guess the IPsec policy i the one providing this routing functionality