[solved] IPSec networks didnt work with Cisco router

mpixel · July 4, 2011, 12:51pm

Parameters given from big hosting provider (He has cisco router):
Phase 1:

encryption: 3DES
hashing: MD5
DH-group: 2
Lifetime: 86400s
ISAKMP keep-alivces: enabled
authentication: preshared key

Phase 2:

encryption: 3DES
hashing: MD5
perfect-forwarding-secrecy: no
Lifetime: 28800s
networks to encrypt:

10.10.110.0/24 <=> 172.16.0.0/16
10.10.110.0/24 <=> 10.0.3.0/16

With my cisco it works correctly. With my mikrotik doesnt. Why?

If you are from mikrotik I can give you access, to find out problem.

ditonet · July 4, 2011, 11:21pm

perfect-forwarding-secrecy: no

but on attached screenshot PFS Group is set to ‘modp1024’.

HTH,

mpixel · July 5, 2011, 5:58am

I tried also this, but still doesnt work.

ditonet · July 5, 2011, 7:59am

Do you have more than one IP address on your WAN interface?
If yes, use the first one in your IPSec policy.
And log shows that your local and remote ID doesn’t match (lines 5 to 10).

HTH,

mpixel · July 5, 2011, 8:27am

"And log shows that your local and remote ID doesn’t match (lines 5 to 10). "
ID is generated form network , perhaps…

encrypted network 10.0.3.0/16 was the mistake.
I have bad information from our provider. I tried 10.0.3.0/24 and it works !!!

Thank you very much.
karma +1