Community discussions

MikroTik App
 
spisarau
just joined
Topic Author
Posts: 5
Joined: Mon Nov 29, 2021 10:03 am

Cisco ASA and Mikrotik IPSEC

Mon Nov 29, 2021 10:20 am

I'm trying to configure the following configuration
mik.png
when everything's done I'm getting the following situation
mik1.png
cisco has the following configuration
mik2.png
the connection cannot be established for the second network. If I disable a policy for the first network PH2 State is establishing.
Could anyone help me to resolve this issue?
You do not have the required permissions to view the files attached to this post.
 
SPKA16
newbie
Posts: 29
Joined: Fri Aug 05, 2016 8:41 pm

Re: Cisco ASA and Mikrotik IPSEC

Mon Nov 29, 2021 12:01 pm

The Cisco most likely wants to seperate SA's
Try to set both policies to level=unique
 
spisarau
just joined
Topic Author
Posts: 5
Joined: Mon Nov 29, 2021 10:03 am

Re: Cisco ASA and Mikrotik IPSEC

Mon Nov 29, 2021 12:56 pm

The Cisco most likely wants to seperate SA's
Try to set both policies to level=unique
unfortunately same result
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Cisco ASA and Mikrotik IPSEC

Mon Nov 29, 2021 1:02 pm

ipsec debug logs should show more info on why second policy fails.
 
spisarau
just joined
Topic Author
Posts: 5
Joined: Mon Nov 29, 2021 10:03 am

Re: Cisco ASA and Mikrotik IPSEC

Mon Nov 29, 2021 1:22 pm

ipsec debug logs should show more info on why second policy fails.
no info about second network
MIK3.png
You do not have the required permissions to view the files attached to this post.
 
spisarau
just joined
Topic Author
Posts: 5
Joined: Mon Nov 29, 2021 10:03 am

Re: Cisco ASA and Mikrotik IPSEC

Mon Nov 29, 2021 1:30 pm

ipsec debug logs should show more info on why second policy fails.
when I disabled and enabled policy again I got a following error
mik4.png
You do not have the required permissions to view the files attached to this post.
 
spisarau
just joined
Topic Author
Posts: 5
Joined: Mon Nov 29, 2021 10:03 am

Re: Cisco ASA and Mikrotik IPSEC  [SOLVED]

Tue Nov 30, 2021 10:02 am

The Cisco most likely wants to seperate SA's
Try to set both policies to level=unique
Thanks.
This advice has helped. But to make things work PFS group of proposal should be set to none.

Who is online

Users browsing this forum: No registered users and 22 guests