Community discussions

MikroTik App
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Mikrotik to Cisco IPSec VPN

Wed Sep 30, 2015 8:58 am

Hi

I replaced a customers Cisco ASA 5505 with a CCR1009

There were three IPSec VPN links which I implemented on the CCR1009 and everything is working fine

One thing I don't understand though is how to point to a VPN link

I need to add a route to guide traffic through one of the VPN links to the routeur that is situated at the other end of the VPN link

I tried creating a route indicating the remote router's local IP address as gateway but the CCR1009 isn't able to see it

Any ideas ?
thanks
yann
 
andriys
Forum Guru
Forum Guru
Posts: 1346
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Mikrotik to Cisco IPSec VPN

Wed Sep 30, 2015 3:57 pm

Classic (policy-based) IPsec does not take routing into account by design. IPsec policy is the only thing that determines which traffic gets encrypted and sent over the tunnel.
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Mikrotik to Cisco IPSec VPN

Thu Oct 01, 2015 9:54 am

Thanks Andriys
We learn something new everyday
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Mikrotik to Cisco IPSec VPN

Mon Oct 05, 2015 2:24 pm

Actually I still have a querstion regarding this issue

The LANs at either end can communicate with each other successfully

However I am unable to get the Mikrotik router, that is one end of the IPSec VPN tunnel, to route (dstnat) incoming (internet) traffic to the other end of the tunnel ?

thanks
yann
 
andriys
Forum Guru
Forum Guru
Posts: 1346
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Mikrotik to Cisco IPSec VPN

Tue Oct 06, 2015 10:21 am

If you still fighting the problem and is in need for help, please post your current config here.
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Mikrotik to Cisco IPSec VPN

Wed Oct 07, 2015 10:49 am

thanks Andryis

I figured it out : the problem was that the incoming connection didn't belong to the LAN
therefore I had to create a srcnat rule to change the source address of the incoming connection

Who is online

Users browsing this forum: Bing [Bot], cubixserv, matthewkirby, WildRat and 170 guests