I'm giving up with my issue about L2TP/IPsec as per my previous post : http://forum.mikrotik.com/viewtopic.php?f=2&t=105910
Anyway , I have the same issue securing GRE tunnel using IPsec (as per native IPsec section in GRE configuration) :
The connecting peers have DYNAMIC ip adresses that change time to time
So a dynamic IPsec policy is created when client connects
Whats' the problem ?
Mikrotik device has its WAN interface connected behind a DSL router 1:1 natted back to MT to make MT itself to be "virually" on the public side (static public ip adress):
Mikrotik(10.0.0.2)-----(10.0.0.1)DSL_ROUTER(126.96.36.199)-------internet--------(188.8.131.52 ) CLIENT
The automatically created IPSec policy, doesn't really reflect the installed SA
[184.108.40.206 -- 220.127.116.11] policy doesn't match the [10.0.0.2 -- 18.104.22.168] SA
So IPsec fails
No luck with NAT-T or not,
It works if [10.0.0.2 -- 22.214.171.124] policy is created manually, but 126.96.36.199 is dynamic !!!
I suppose this is a known issue,
Is there anyone help me in solving this (if really solvable...) ???
Thank you very much