I have an Mikrotik device with a public address on an interface and I need to allow a cisco router that connects to it to establish ipsec vpn(it requires udp 500, udp 4500, ipsec-esp).
I have done dst-nat from the public address to the local one(cisco router) and masquerading for the outgoing connection but still Cisco can't estabilsh ipsec connection.
Is there something I am not taking into account here for ipsec to work through the Mikrotik?