RouterOS IPSEC VPN Transport issue.

Whenever I try to turn off tunnel mode in RouterOS I get

Couldn’t Change IPsec Policy <192.168.0.0/22 → 192.168.4.0/24> transport mode policy must have /32 mask (6).

Anyone have any idea why it says that? I need it in transport mode so it will stop encrypting headers and I can see VOIP traffic.

This means that your policy encrypts traffic from your local network to the remote local network. In transport mode you should change the policy so that it matches traffic from WAN to WAN; that's why it requests a /32 IP, your WAN IP, like: 78.52.1.36 → 178.5.23.2

I hope this helps you.

Regards.

Faton.

P.S. You have an example in the Mikrotik Wiki IPSEC with Dynamic Routing Cisco Mikrotik.

So I need to replace the 192.168.0.0/22 and 192.168.4.0/24 with the real IPs of my networks? Will my VPN still work the same?

Here you have the complete solution; just use static routes instead of the dynamic routing.

http://wiki.mikrotik.com/wiki/IPSec_VPN_with_Dynamic_Routing_/_Mikrotik_and_Cisco

Regards.

Faton
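The policy change discussed in this thread, sketched as an added example that is not part of the original posts or of the linked wiki page. It assumes the sample WAN addresses from the reply above, an IPsec peer that is already configured, and an IPIP tunnel between the two routers; the interface name `ipip-site2` and the 10.255.255.0/30 tunnel addresses are constructed for illustration.

```routeros
# Tunnel mode: the policy may select whole subnets, because the original
# packet is wrapped in a new IP header between the two SA endpoints.
/ip ipsec policy add src-address=192.168.0.0/22 dst-address=192.168.4.0/24 \
    sa-src-address=78.52.1.36 sa-dst-address=178.5.23.2 tunnel=yes

# Transport mode: no new IP header is added, so the policy can only
# describe traffic between the two IPsec endpoints themselves.
# Switching the policy above to tunnel=no is rejected with
# "transport mode policy must have /32 mask".

# 1. Carry LAN-to-LAN traffic between the WAN addresses in an IPIP tunnel
#    (assumed here; the tunnel name and /30 addressing are constructed).
/interface ipip add name=ipip-site2 local-address=78.52.1.36 \
    remote-address=178.5.23.2
/ip address add address=10.255.255.1/30 interface=ipip-site2

# 2. Protect the WAN-to-WAN packets with a /32 transport-mode policy.
/ip ipsec policy add src-address=78.52.1.36/32 dst-address=178.5.23.2/32 \
    tunnel=no

# 3. Static route to the remote LAN through the tunnel, in place of
#    dynamic routing.
/ip route add dst-address=192.168.4.0/24 gateway=10.255.255.2
```

With this layout only packets exchanged between the two WAN addresses match the IPsec policy, so LAN traffic that is routed any other way than through the IPIP interface leaves the router unprotected; checking the installed SAs and their counters on both routers confirms that traffic is actually being encrypted.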