Community discussions

 
arizafal
just joined
Topic Author
Posts: 3
Joined: Tue Jan 10, 2017 5:23 pm

Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 5:36 pm

This is my first post, please be patient. I would like connect over a dozen location to central ruter via ipsec. Unfortunately lot of location is behind NAT. Is it possible to do this using mikrotik hardware?
I thought about RB 2011 series. If not do you have any suggestions? I will be grateful for any advice.

Thank you in advance!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5892
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 5:44 pm

Need more info. Is it pure ipsec or some sort of l2tp/ipsec? Will there be multiple clients behind same NAT?
 
erlinden
Member Candidate
Member Candidate
Posts: 146
Joined: Wed Jun 12, 2013 1:59 pm

Re: Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 6:36 pm

Everything is possible with Mikrotik. Are you talking about a dozen site-to-site connections? What bandwidth do you need per connection? What is your knowledge on this topic?
 
arizafal
just joined
Topic Author
Posts: 3
Joined: Tue Jan 10, 2017 5:23 pm

Re: Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 9:45 pm

Thank you for your answer. I have 30 location connected by ipsec with Junipers SRX. I can configure it. Unfortunately because of unstable power supply in location i have problems with juniper hardware and I would like replace it on Mikrotik. I'm beginner in RouterOS, but I have some experience in ipsec. All locations have your own internet access and own nat and router is behind this nat. I have two RB 2011UiAS for test but first i would like to know if it is possible to make 30 ipsec tunnels to central router from locations behind nat. Trafiic is not big, ipsec is rather for manage ruter and devices connected to router. We have no multiple tunel behind the same nat. Central router have static and public internet access. I thought about pure ipsec but it is only plan for know. Any suggestions will be nice! :)
 
pe1chl
Forum Guru
Forum Guru
Posts: 5367
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 10:06 pm

When you want good performance IPsec I recommend to use hEX r3 (RB750Gr3) instead of RB2011. It is cheaper as well.

In MikroTik there are no small limits on number of tunnels you can setup, but of course the CPU has its limitations,
and the hEX r3 has hardware accelerated crypto. It is a hot little router!
 
Dude2048
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Sep 01, 2016 4:04 pm

Re: Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 11:01 pm

I have build a sstp tunnel over the internet with eoip in it. Eoip connects to a management bridge. I have a central management machine with tentacles to the other sites. The internet traffic itself brakes out at the local connection. So yes, what you want is possible and it is in production at my site.
 
arizafal
just joined
Topic Author
Posts: 3
Joined: Tue Jan 10, 2017 5:23 pm

Re: Mikrotik RB2011 and many ipsec tunnels

Tue Jan 10, 2017 11:09 pm

Thank you for your time and answers! Now I have to start my tests. Have a good time!

Who is online

Users browsing this forum: No registered users and 20 guests