IPSec NAT-T question

Wed Mar 25, 2020 11:03 pm


I want to remove an old loadbalancer from a productive site (HQ) and replace it with a MT RB 4100 router. I have found a solution for almost all functions of that old loadbalancer, but I am not so sure about one of them:

The setup is as follows:

LAN <-> Cisco ASA <-> Load Balancer <-> Cloudserver (vASA)

- The Cisco ASA and the vASA have a working IPSec Site-to-Site tunnel that won't be touched and is working fine
- The Cisco ASA and the Load Balancer are connected via a /30 network
- The Load Balancer has the WAN connections configured, so the ASA is NATed
- The Load Balancer has a Port Forwarding configured to forward UDP 500, UDP 4500 and IP 50 (ESP) from WAN interface directly to the Cisco ASA

So what's my question after all?

- The Load Balancer has a Service Passthrough feature enabled for IPSec NAT-T. The vendor's manual says "This field is for enabling the support of IPsec NAT-T passthrough. UDP ports 500, 4500, and 10000 are monitored by default."

My question is: how would I configure such a feature on the MT (in case it is needed, which I am not sure of)?

Advice would be much appreciated.

