I'm giving up on my issue with L2TP/IPsec, as per my previous post: http://forum.mikrotik.com/viewtopic.php?f=2&t=105910
Anyway, I have the same issue securing a GRE tunnel using IPsec (as per the native IPsec section in the GRE configuration):
The connecting peers have DYNAMIC IP addresses that change from time to time.
So a dynamic IPsec policy is created when the client connects.
What's the problem?
The Mikrotik device has its WAN interface connected behind a DSL router, 1:1 NATted back to the MT to make the MT itself "virtually" on the public side (static public IP address):
Mikrotik(10.0.0.2)-----(10.0.0.1)DSL_ROUTER(1.2.3.4)-------internet--------(5.6.7.8) CLIENT
|_______________<<<1:1nat<<<____________|
The automatically created IPsec policy doesn't really reflect the installed SA:
[1.2.3.4 -- 5.6.7.8] policy doesn't match the [10.0.0.2 -- 5.6.7.8] SA
So IPsec fails.
No luck with NAT-T or without it.
It works if the [10.0.0.2 -- 5.6.7.8] policy is created manually, but 5.6.7.8 is dynamic!!!
I suppose this is a known issue.
Can anyone help me solve this (if it is really solvable...)?
Thank you very much.