
Mikrotik to Cisco IPSec VPN

Posted: Wed Sep 30, 2015 8:58 am
by azurtem
Hi

I replaced a customer's Cisco ASA 5505 with a CCR1009

There were three IPSec VPN links which I implemented on the CCR1009 and everything is working fine

One thing I don't understand though is how to point to a VPN link

I need to add a route to guide traffic through one of the VPN links to the router that is situated at the other end of the VPN link

I tried creating a route indicating the remote router's local IP address as gateway but the CCR1009 isn't able to see it

Any ideas ?
thanks
yann

Re: Mikrotik to Cisco IPSec VPN

Posted: Wed Sep 30, 2015 3:57 pm
by andriys
Classic (policy-based) IPsec does not take routing into account by design. IPsec policy is the only thing that determines which traffic gets encrypted and sent over the tunnel.

Re: Mikrotik to Cisco IPSec VPN

Posted: Thu Oct 01, 2015 9:54 am
by azurtem
Thanks Andriys
We learn something new every day

Re: Mikrotik to Cisco IPSec VPN

Posted: Mon Oct 05, 2015 2:24 pm
by azurtem
Actually I still have a question regarding this issue

The LANs at either end can communicate with each other successfully

However I am unable to get the Mikrotik router, that is one end of the IPSec VPN tunnel, to route (dstnat) incoming (internet) traffic to the other end of the tunnel ?

thanks
yann

Re: Mikrotik to Cisco IPSec VPN

Posted: Tue Oct 06, 2015 10:21 am
by andriys
If you are still fighting the problem and are in need of help, please post your current config here.

Re: Mikrotik to Cisco IPSec VPN

Posted: Wed Oct 07, 2015 10:49 am
by azurtem
Thanks Andriys

I figured it out: the problem was that the incoming connection didn't belong to the LAN,
therefore I had to create a srcnat rule to change the source address of the incoming connection
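
The behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of policy-based IPsec selector matching, showing why a port-forwarded (dstnat) Internet connection misses the policy until srcnat rewrites its source. All addresses and function names are constructed for illustration, and the model assumes the policy lookup happens after srcnat.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# All addresses below are constructed for illustration (assumptions).
LOCAL_LAN = ip_network("192.168.10.0/24")    # LAN behind the CCR1009
REMOTE_LAN = ip_network("192.168.20.0/24")   # LAN behind the remote Cisco
WAN_IP = "203.0.113.1"                        # CCR1009 public address
ROUTER_LAN_IP = "192.168.10.1"                # CCR1009 LAN address
REMOTE_SERVER = "192.168.20.50"               # host published via dstnat

# Policy-based IPsec: (source selector, destination selector) pairs.
POLICIES = [(LOCAL_LAN, REMOTE_LAN)]

def dstnat(pkt):
    """Port-forward: WAN_IP:443 is rewritten to the server behind the tunnel."""
    if pkt.dst == WAN_IP and pkt.dport == 443:
        return replace(pkt, dst=REMOTE_SERVER)
    return pkt

def srcnat(pkt):
    """Rewrite the source of traffic bound for the remote LAN to a LAN address."""
    if ip_address(pkt.dst) in REMOTE_LAN and ip_address(pkt.src) not in LOCAL_LAN:
        return replace(pkt, src=ROUTER_LAN_IP)
    return pkt

def matches_policy(pkt):
    """True when both addresses fall inside one policy's selectors."""
    return any(ip_address(pkt.src) in s and ip_address(pkt.dst) in d
               for s, d in POLICIES)

def forward(pkt, with_srcnat):
    """Return (packet after NAT, whether it is encrypted into the tunnel)."""
    pkt = dstnat(pkt)
    if with_srcnat:
        pkt = srcnat(pkt)
    return pkt, matches_policy(pkt)

if __name__ == "__main__":
    inbound = Packet(src="198.51.100.7", dst=WAN_IP, dport=443)
    for flag in (False, True):
        out, tunneled = forward(inbound, with_srcnat=flag)
        print(f"srcnat={flag}: {out.src} -> {out.dst} tunneled={tunneled}")
```

Without the srcnat step the forwarded packet keeps its Internet source address, matches no policy selector, and is therefore never encrypted into the tunnel, regardless of any route that exists.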