Hi,
I’ve followed a couple of guides, as well as tried adapting the auto-generated config files for Juniper & Cisco devices, but I’m not seeming to have any luck in getting my MikroTik RouterOS v6.1 to be able to establish a tunnel. Essentially I get the following error:
19:34:22 ipsec,debug,packet ==========
19:34:22 ipsec,debug,packet 56 bytes message received from 137.x.x.145[500] to 27.x.x.248[500]
19:34:22 ipsec,debug,packet 0314bb10 fbf69303 31b1358f ef717772 0b100500 e79f540b 00000038 0000001c
19:34:22 ipsec,debug,packet 00000001 0110000e 0314bb10 fbf69303 31b1358f ef717772
19:34:22 ipsec,debug,packet receive Information.
19:34:22 ipsec,debug,packet begin.
19:34:22 ipsec,debug,packet seen nptype=11(notify)
19:34:22 ipsec,debug,packet succeed.
19:34:22 ipsec,debug fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
19:34:22 ipsec,debug,packet notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=0314bb10fbf69303 31b1358fef717772 (size=16).
19:34:32 ipsec,debug,packet 344 bytes from 27.x.x.248[500] to 137.x.x.145[500]
19:34:32 ipsec,debug,packet sockname 27.x.x.248[500]
19:34:32 ipsec,debug,packet send packet from 27.x.x.248[500]
19:34:32 ipsec,debug,packet send packet to 137.x.x.145[500]
19:34:32 ipsec,debug,packet src4 27.x.x.248[500]
19:34:32 ipsec,debug,packet dst4 137.x.x.145[500]
19:34:32 ipsec,debug,packet 1 times of 344 bytes message will be sent to 137.x.x.145[500]
19:34:32 ipsec,debug,packet 0314bb10 fbf69303 00000000 00000000 01100200 00000000 00000158 0d000038
19:34:32 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080
19:34:32 ipsec,debug,packet 80010007 800e0080 80030001 80020002 80040002 0d000014 4a131c81 07035845
19:34:32 ipsec,debug,packet 5c5728f2 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014
19:34:32 ipsec,debug,packet 439b59f8 ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f
19:34:32 ipsec,debug,packet 02ec7285 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e
19:34:32 ipsec,debug,packet ed937c65 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56
19:34:32 ipsec,debug,packet 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e
19:34:32 ipsec,debug,packet 086381b5 ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014
19:34:32 ipsec,debug,packet 4485152d 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2
19:34:32 ipsec,debug,packet 74cc0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100
19:34:32 ipsec,debug,packet resend phase1 packet 0314bb10fbf69303:0000000000000000
19:34:32 ipsec,debug,packet ==========
The thing is, from the guides > http://blogs.technet.com/b/rharper/archive/2012/11/15/creating-a-site-to-site-vpn-with-windows-azure-and-mikrotik-routeros.aspx and http://luka.manojlovic.net/2012/09/02/site-to-site-vpn-between-your-infrastructure-and-windows-azure-using-mikrotik/ everything appears to be configured correctly on the MikroTik, but here’s an export of the settings for reference:
IPSec Config:
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128 lifetime=1h pfs-group=none
/ip ipsec peer
add address=137.x.x.145/32 dpd-interval=disable-dpd dpd-maximum-failures=1 enc-algorithm=aes-128 hash-algorithm=sha1 lifetime=8h my-id-user-fqdn=27.x.x.248 nat-traversal=yes secret=HIDDEN
/ip ipsec policy
add dst-address=10.1.0.0/16 sa-dst-address=137.x.x.145 sa-src-address=27.x.x.248 src-address=192.168.1.0/24 tunnel=yes
Firewall Config:
/ip firewall filter
add chain=input comment="Allow from Azure" src-address=137.x.x.145
/ip firewall nat
add chain=srcnat comment="Azure VPN Tunnel" dst-address=10.1.0.0/16 src-address=192.168.1.0/24
add chain=srcnat comment="Azure VPN Tunnel" dst-address=192.168.1.0/24 src-address=10.1.0.0/16
As you can see, it’s failing on Phase 1 (if the logs are to be believed), however everything is configured to suit, as far as I can tell. Has anyone here managed to get Azure up and running with their MikroTik, and if so, what am I missing?
Cheers,
SiriX
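
An added example, not part of the original post: decoding the phase 1 offer from the hex dump of the 344-byte packet logged at 19:34:32, so the proposal the router actually put on the wire can be compared with what the remote gateway accepts. The function and table names are hypothetical; the bytes are copied from the log, with the trailing vendor ID payloads left out.

```python
import struct

# First 84 bytes of the 344-byte phase 1 packet, copied from the 19:34:32 hex
# dump in the log above: ISAKMP header + SA payload (vendor ID payloads omitted).
PACKET_HEX = """
0314bb10 fbf69303 00000000 00000000 01100200 00000000 00000158 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080
80010007 800e0080 80030001 80020002 80040002
"""
RAW = bytes.fromhex("".join(PACKET_HEX.split()))

# IKEv1 phase 1 attribute classes and values (RFC 2409 appendix A, RFC 3602, RFC 3526).
ATTR_NAMES = {1: "encryption", 2: "hash", 3: "auth-method", 4: "dh-group",
              11: "life-type", 12: "life-duration", 14: "key-length"}
VALUE_NAMES = {
    "encryption": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    "hash": {1: "MD5", 2: "SHA1"},
    "auth-method": {1: "pre-shared-key", 3: "RSA-signatures"},
    "dh-group": {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"},
    "life-type": {1: "seconds", 2: "kilobytes"},
}

def parse_phase1_offer(raw):
    """Return (exchange_type, [attribute dict per transform]) for an IKEv1 SA offer."""
    _, _, next_payload, version, exchange, _, _, _ = struct.unpack_from(">8s8sBBBBII", raw, 0)
    if next_payload != 1 or version != 0x10:
        raise ValueError("not an IKEv1 packet that starts with an SA payload")
    if 28 + struct.unpack_from(">H", raw, 30)[0] > len(raw):
        raise ValueError("truncated SA payload")
    off = 28 + 12                       # skip SA generic header, DOI and situation
    spi_size, n_transforms = struct.unpack_from(">BB", raw, off + 6)
    off += 8 + spi_size                 # skip proposal header and SPI
    transforms = []
    for _ in range(n_transforms):
        end = off + struct.unpack_from(">H", raw, off + 2)[0]
        attrs, pos = {}, off + 8        # attributes follow the 8-byte transform header
        while pos < end:
            a_type, a_val = struct.unpack_from(">HH", raw, pos)
            name = ATTR_NAMES.get(a_type & 0x7FFF, str(a_type & 0x7FFF))
            pos += 4
            if not a_type & 0x8000:     # TLV form: a_val is the value length
                a_val, pos = int.from_bytes(raw[pos:pos + a_val], "big"), pos + a_val
            attrs[name] = VALUE_NAMES.get(name, {}).get(a_val, a_val)
        transforms.append(attrs)
        off = end
    return exchange, transforms

if __name__ == "__main__":
    print(parse_phase1_offer(RAW))
```

Exchange type 2 is main mode, and the single transform in the offer is the list the peer answered with NO-PROPOSAL-CHOSEN, so these are the values to check against the remote side's phase 1 settings.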