I am trying to create a site-to-site IPSec VPN between a Mikrotik v6.28 and a Gateprotect v9.4.
I managed to make a site-to-site IPSec VPN between two Mikrotiks.
On the Mikrotik side I have:
PROPOSAL: Auth. Algo: SHA1; Encr. Algo: 3DES; Lifetime: default (00:30:00); PFS: Modp1024
PEER: Destination: 2.2.2.2; Port:500; Auth. method: PSK; Passive: no; Secret: something; Policy TG: default; Exchange mode: main; Send initial contact: yes; Proposal check: obey; Hash algo: SHA1; Encr. Algo: 3DES
POLICY: Src Addr: 172.16.9.0/24; Dst Addr: 172.16.6.0/24; Action: encrypt; Level: require; IPSec Proto: AH+ESP; Tunnel: yes; SA Src Addr: 1.1.1.1; SA Dst Addr: 2.2.2.2; Proposal: default (the one described above).
Then I have set up the Firewall:
NAT: Chain: srcnat; Src Addr: 172.16.9.0/24; Dst Addr: 172.16.6.0/24; Action: accept
On the Gateprotect I don't have exactly the same stuff, but:
Local network: 172.16.6.0/24
Remote network: Destination: 1.1.1.1; Network: 172.16.9.0/24; Do not initiate: yes;
Authentication: Type: PSK; Preshared key: something;
Cryptography: ISAKMP: IKEv1; Crypto Algo: 3DES; Auth. Algo: SHA1; DH Group: MODP 1024; Lifespan: 7800s; IPSec Cryp. Algo: 3DES; IPSec Auth. Algo: SHA1; Validity period: 3600s; PFS: yes; PFS Group: MODP 1024
Advanced: Compression: no
The connection is reported as "up" in the Mikrotik logs while it's "down" on the Gateprotect GUI.
On both the Mikrotik and the GP I can see "ISAKMP_SA established" but there's no traffic flowing between the two LANs.
Is this enough and I just need to adapt the routing/firewalling?
How can I troubleshoot this?
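
The following is an added example, not part of the original post. It parses the phase 2 settings quoted above and reports which ones match, differ, or are stated for only one side; the pairing of Mikrotik and Gateprotect field names (for instance Lifetime with Validity period) is an assumption.

```python
import re

# Phase 2 settings copied from the post, in its own "Key: value; ..." notation.
MIKROTIK = ("Auth. Algo: SHA1; Encr. Algo: 3DES; Lifetime: default (00:30:00); "
            "PFS: Modp1024; IPSec Proto: AH+ESP; "
            "Src Addr: 172.16.9.0/24; Dst Addr: 172.16.6.0/24")
GATEPROTECT = ("Local network: 172.16.6.0/24; Network: 172.16.9.0/24; "
               "IPSec Cryp. Algo: 3DES; IPSec Auth. Algo: SHA1; "
               "Validity period: 3600s; PFS Group: MODP 1024")

# Assumed field pairing (Mikrotik key, Gateprotect key); None = not given in the post.
PAIRS = {
    "encryption": ("Encr. Algo", "IPSec Cryp. Algo"),
    "authentication": ("Auth. Algo", "IPSec Auth. Algo"),
    "pfs_group": ("PFS", "PFS Group"),
    "sa_lifetime_s": ("Lifetime", "Validity period"),
    "protocol": ("IPSec Proto", None),
    "mikrotik_lan": ("Src Addr", "Network"),  # traffic selectors must mirror
    "gateprotect_lan": ("Dst Addr", "Local network"),
}

def parse(line):
    items = (item.split(": ", 1) for item in line.split("; ") if ": " in item)
    return {key.strip(): value.strip() for key, value in items}

def normalize(value):
    """Durations become seconds; other values lose whitespace and case."""
    if value is None:
        return None
    clock = re.search(r"(\d+):(\d\d):(\d\d)", value)
    if clock:
        h, m, s = map(int, clock.groups())
        return h * 3600 + m * 60 + s
    if re.fullmatch(r"\d+s", value):
        return int(value[:-1])
    return re.sub(r"\s+", "", value).upper()

def compare(mikrotik_line, gateprotect_line):
    """Return {field: (mikrotik_value, gateprotect_value, status)}."""
    a, b = parse(mikrotik_line), parse(gateprotect_line)
    report = {}
    for field, (key_a, key_b) in PAIRS.items():
        va, vb = normalize(a.get(key_a)), normalize(b.get(key_b))
        status = "not stated" if None in (va, vb) else ("match" if va == vb else "differ")
        report[field] = (va, vb, status)
    return report

if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in compare(MIKROTIK, GATEPROTECT).items()), sep="\n")
```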