
 
igorludak
just joined
Topic Author
Posts: 7
Joined: Mon Nov 07, 2016 11:59 am

Site to Site IPSec between two Mikrotik Routers

Mon Sep 24, 2018 10:27 pm

Hello All,
I'm trying to establish a connection between two MikroTik routers, but I can't make it possible; they fail all the time, so here is my config:
I'm using two of the same RB2011UiAS-2HnD models.
Router 1 Config
Last edited by igorludak on Mon Sep 24, 2018 10:49 pm, edited 2 times in total.
 
igorludak
just joined
Topic Author
Posts: 7
Joined: Mon Nov 07, 2016 11:59 am

Re: Site to Site IPSec between two Mikrotik Routers

Mon Sep 24, 2018 10:42 pm

Router 2 Config
Is there any chance someone can tell me what I'm doing wrong?
 
tippenring
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO

Re: Site to Site IPSec between two Mikrotik Routers

Tue Sep 25, 2018 5:28 pm

Glancing over your screenshots, it looks about right for the IPSec. I'd tell you to make sure you exclude the subnets from masquerade or dst-nat, but you aren't getting that far yet.

Can your routers reach each other at all? It looks like they can't.
 
igorludak
just joined
Topic Author
Posts: 7
Joined: Mon Nov 07, 2016 11:59 am

Re: Site to Site IPSec between two Mikrotik Routers

Tue Sep 25, 2018 6:10 pm

Thanks for the reply to my post.
Yes, both routers are able to ping each other.
I also want to mention that the ISP provider is providing internet using a private IP address, and after that they attach a static public IP. The public IP is not double NAT; that IP is attached only to my routers, I can confirm that.
 
Sob
Forum Guru
Posts: 4806
Joined: Mon Apr 20, 2009 9:11 pm

Re: Site to Site IPSec between two Mikrotik Routers

Tue Sep 25, 2018 7:50 pm

Last time I've seen send error for phase1, it was because local-address in peer config was incorrectly set to public address, which in fact wasn't local (router was behind NAT). You say you do have NAT, but you don't set local-address for peer. You may have similar problem with policy, but I guess it should not influence phase1. But I'm not 100%, so try to experiment with that anyway.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
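
The behind-NAT case from the post above, together with the NAT exclusion mentioned earlier in the thread, as an added RouterOS example that is not taken from any poster's configuration. It assumes a RouterOS 6.x release where the pre-shared key is set on the peer; the interface name, every address and the secret are constructed placeholders.

```routeros
# Constructed placeholders (assumptions, not values from this thread):
#   ether1            WAN interface of this router
#   10.10.10.2        address actually configured on ether1 (private, assigned by the ISP)
#   203.0.113.10      public IP the ISP maps to this router (NOT configured on any interface)
#   198.51.100.20     address of the remote router
#   192.168.88.0/24   local LAN, 192.168.99.0/24 remote LAN

# 1. Check which address is really local to the router. If the public IP
#    does not appear here, it must not be used as local-address.
/ip address print where interface=ether1

# 2. Peer: leave local-address unset, or set it to the address from step 1.
#    Setting local-address=203.0.113.10 here is the mistake described above.
/ip ipsec peer add address=198.51.100.20/32 local-address=10.10.10.2 nat-traversal=yes secret="CHANGE-ME"

# 3. Policy: sa-src-address follows the same rule as local-address.
/ip ipsec policy add src-address=192.168.88.0/24 dst-address=192.168.99.0/24 sa-src-address=10.10.10.2 sa-dst-address=198.51.100.20 tunnel=yes

# 4. Keep LAN-to-LAN traffic out of masquerade so it still matches the policy.
#    place-before=0 assumes at least one NAT rule already exists.
/ip firewall nat add chain=srcnat action=accept src-address=192.168.88.0/24 dst-address=192.168.99.0/24 place-before=0

# 5. Verify: phase 1 state, then whether phase 2 SAs were installed.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
```

The remote router needs the mirrored peer and policy, with its own interface address in place of 10.10.10.2.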
 
xvo
Long time Member
Posts: 592
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Site to Site IPSec between two Mikrotik Routers

Tue Sep 25, 2018 8:36 pm

I've had this when I messed up the routes on one of the routers.
On the second one I had a time up error.
Double check firewalls and routes on both of the routers to be sure not only ICMP passes, but everything else.
To rule out the firewall, add temporary rules accepting everything from the other router's IP on top.
 
igorludak
just joined
Topic Author
Posts: 7
Joined: Mon Nov 07, 2016 11:59 am

Re: Site to Site IPSec between two Mikrotik Routers

Wed Sep 26, 2018 8:27 am

Thanks for the reply to my post. As I have shared in the photos, there are no block rules before the IPSec rules. Still facing the same problem. I tried to connect using the ISP private IP but without success, and now the error is: Time up.
On the other hand, in remote peers I'm able to see the connection on both routers. I will share that photo later today.
 
igorludak
just joined
Topic Author
Posts: 7
Joined: Mon Nov 07, 2016 11:59 am

Re: Site to Site IPSec between two Mikrotik Routers

Thu Sep 27, 2018 8:10 pm

Here is the strange information I'm seeing in the Remote Peers.
Does this mean that the connection is established?
Also, I'm still seeing the same error with Phase 1.
