Any ideas is helpful. Thanks in advance.
Router1:
-wan ip: 10.0.0.2/24
-local: 172.16.10.0/24
Code: Select all
/ip firewall nat
0 chain=srcnat action=accept src-address=172.16.10.0/24
dst-address=172.16.20.0/24 log=no log-prefix=""
1 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
-wan ip: 20.0.0.2/24
-local: 172.16.20.0/24
Code: Select all
/ip firewall nat
0 chain=srcnat action=accept src-address=172.16.20.0/24
dst-address=172.16.10.0/24 log=no log-prefix=""
1 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
Router1
Code: Select all
/ip ipsec peer
address=20.0.0.2/32 local-address=0.0.0.0 passive=no port=500
auth-method=pre-shared-key secret="test" generate-policy=no
policy-template-group=default exchange-mode=main send-initial-contact=yes
nat-traversal=yes proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=2m dpd-maximum-failures=5
/ip ipsec proposal
name="default" auth-algorithms=md5 enc-algorithms=3des lifetime=30m
pfs-group=modp1024
/ip ipsec policy
src-address=172.16.10.0/24 src-port=any dst-address=172.16.20.0/24
dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=10.0.0.2
sa-dst-address=20.0.0.2 proposal=default priority=0
Code: Select all
/ip ipsec peer
address=10.0.0.2/32 local-address=:: passive=no port=500
auth-method=pre-shared-key secret="test" generate-policy=no
policy-template-group=default exchange-mode=main send-initial-contact=yes
nat-traversal=yes proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=2m dpd-maximum-failures=5
/ip ipsec proposal
name="default" auth-algorithms=md5 enc-algorithms=3des lifetime=30m
pfs-group=modp1024
/ip ipsec policy
1 src-address=172.16.20.0/24 src-port=any dst-address=172.16.10.0/24
dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=20.0.0.2
sa-dst-address=10.0.0.2 proposal=default priority=0