VPN between Cisco and Mikrotik

josu · November 3, 2015, 9:03pm

Hello all,

I have 2 office which I want to join them with VPN.

In one I have a Cisco router with a static public IP and in the other office I have a dynamic public IP and I wan to put a Mikrotik device.

Is it possible to join both sites with VPN? The idea is to get 192.168.1.0/24 in one site and 192.168.2.0/24 in the other site.

In other Cisco VPN with static public IP I use configure this way:

interface Tunnel0
 ip unnumbered Dialer1
 tunnel source Dialer1
 tunnel mode ipsec ipv4
 tunnel destination x.x.x.x
 keepalive 60 5
 tunnel source Loopback0
 tunnel protection ipsec profile PERFIL_S2S
end

Now the problem is that I can not configure “tunnel destination x.x.x.x” in the CIsco site, this will dynamic IP.

I will appreciate your help.

Best regards.

josu · November 4, 2015, 9:40am

Hello again,

I have this:

In Cisco with static IP:

interface Tunnel1
 description Mikrotik Tunnel
 ip address 10.0.0.1 255.255.255.0
 tunnel source Loopback0
 !
 ip route 192.168.2.0 255.255.255.0 Tunnel1

In Mikrotik with dynamic IP:

interface gre add name=tunnel0 remote-address=45.x.x.x
ip address add address=10.0.0.2/24 interface=tunnel0

ip route add dst-address=192.168.1.0/24 gateway=10.0.0.2

Now I can make pings from Mikrotik to 10.0.0.1:

[admin@MikroTik] > ping 10.0.0.1 
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                         
    0 10.0.0.1                                   56  44 109ms
    1 10.0.0.1                                   56  44 107ms
    2 10.0.0.1                                   56  44 106ms
    sent=3 received=3 packet-loss=0% min-rtt=106ms avg-rtt=107ms max-rtt=109ms

But not to the LAN side:

[admin@MikroTik] > ping 192.168.1.1
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                         
    0 192.168.1.1                                            timeout                                                                                                                        
    1 192.168.1.1                                            timeout                                                                                                                        
    2 192.168.1.1                                            timeout                                                                                                                        
    3 192.168.1.1                                            timeout                                                                                                                        
    sent=4 received=0 packet-loss=100%

From Cisco router I can do ping to remote 10.0.0.2 (I think it is not working, 6ms is not real for remote site):

#ping 10.0.0.2  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

But nothing to remote LAN:

#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Am I missing something?

I will appreciate any help.

Kind regards.