
Mikrotik as Ipsec Concentrator and Client

Posted: Mon Oct 09, 2017 7:19 pm
by anaktos
I need to do this on RB3011:

Site 1 (cisco) -------Ipsec--(Internet)---------> RB3011 (Ipsec concentrator) ----------------Ipsec--(Internet)--------->Site 5 (Cisco)
Site 2 (cisco) -------Ipsec--(Internet)-----------^
Site 3 (cisco) -------Ipsec--(Internet)-------------^
Site 4 (cisco) -------Ipsec--(Internet)---------------^


Is it possible?
Any recommendations?

Re: Mikrotik as Ipsec Concentrator and Client

Posted: Mon Oct 09, 2017 11:29 pm
by pe1chl
Do you configure all the routers? Or at least have detailed info how they are configured? That is very important for such a setup to succeed.
Configuring IPsec while treating the other end as a blackbox is very difficult and time-consuming!

Re: Mikrotik as Ipsec Concentrator and Client

Posted: Tue Oct 10, 2017 2:41 pm
by anaktos
Hello pe1chl, not only I am going to form the RB3011.

For sites 1, 2, 3 and 4, I have to send them the information to establish the IPsec tunnel.

For the connection to site 5, they have to give me the connection information; my RB acts as the client.

Re: Mikrotik as Ipsec Concentrator and Client

Posted: Tue Oct 10, 2017 2:53 pm
by pe1chl
It can be done but it will not be a beginner's job...
Or of course you could be lucky and it could work 1st try.
My recommendation: configure GRE over IPsec transport, not plain IPsec tunnel.
Configure each GRE tunnel with a /30 network address from some unused range.
Use static routes or some routing protocol (BGP, OSPF).
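
The addressing plan that the last reply's recommendation implies, as an added example that is not part of the thread or any poster's configuration: it carves one /30 per GRE tunnel out of a pool, rejects a pool that is not actually unused (it overlaps a site LAN), rejects site LANs that overlap each other, and lists the static routes the hub would need. The pool, the site LAN prefixes and the function name are constructed assumptions.

```python
import ipaddress

# Constructed sample data: the thread does not give any real prefixes.
POOL = "172.31.255.0/27"          # assumed unused range for the GRE link nets
SITE_LANS = {
    "site1": ["10.1.0.0/24"],
    "site2": ["10.2.0.0/24"],
    "site3": ["10.3.0.0/24"],
    "site4": ["10.4.0.0/24"],
    "site5": ["10.5.0.0/24", "10.50.0.0/24"],
}

def plan_gre_tunnels(pool, site_lans):
    """Give each site one /30 from pool: hub = first host, spoke = second."""
    pool_net = ipaddress.ip_network(pool)
    lans = {s: [ipaddress.ip_network(n) for n in nets]
            for s, nets in site_lans.items()}

    # The pool must be unused, and LANs must be unique for static routes
    # (or BGP/OSPF) to be unambiguous across the tunnels.
    claimed = []
    for site, nets in sorted(lans.items()):
        for net in nets:
            if net.overlaps(pool_net):
                raise ValueError(f"{site}: {net} overlaps tunnel pool {pool_net}")
            for other_site, other in claimed:
                if net.overlaps(other):
                    raise ValueError(f"{site}: {net} overlaps {other_site}: {other}")
            claimed.append((site, net))

    links = pool_net.subnets(new_prefix=30)
    plan = {}
    for site, nets in sorted(lans.items()):
        link = next(links, None)
        if link is None:
            raise ValueError(f"pool {pool_net} has no /30 left for {site}")
        hub, spoke = link.hosts()     # a /30 has exactly two usable hosts
        plan[site] = {"link": link, "hub": hub, "spoke": spoke,
                      # hub-side static routes: site LAN via the spoke's GRE address
                      "routes": [(net, spoke) for net in nets]}
    return plan

if __name__ == "__main__":
    for site, p in plan_gre_tunnels(POOL, SITE_LANS).items():
        print(site, p["link"], "hub", p["hub"], "spoke", p["spoke"])
        for net, gw in p["routes"]:
            print("   route", net, "via", gw)
```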