Community discussions

MUM Europe 2020
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

IPSec Side to Side | One Side behind NAT not working

Wed Oct 02, 2019 4:03 pm

Hi there,
i currently setting up some ipsec tunnels. On Central Side i have two wan connections. One Connection with Static Adress without NAT and the second one with LTE (behind NAT). Failover etc. is working.

But what i can't get working is the ipsec side-to-side with the static address? If central side and client side behind NAT everything works perfekt. But if i switch back to the Static Adress on Central Side the policy gets established but no traffic goes through the tunnel.

Any Idea whats wrong there?

Thanks!
Kind Regards
 
sawesa
just joined
Posts: 12
Joined: Sat Jun 29, 2019 7:10 pm

Re: IPSec Side to Side | One Side behind NAT not working

Wed Oct 02, 2019 7:37 pm

I'm not very experienced with Mikrotik but I have set up some IPsec tunnels and would be glad to help.

I didn't get where is your router in all this Central Side thing, but anyway, behind the router with the static address, you still have a private address network where you want to deliver traffic, isnt it? So since you are not routing to the internet with the private address, actually you are behind NAT.
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

Re: IPSec Side to Side | One Side behind NAT not working

Wed Oct 02, 2019 9:05 pm

Hi,
thanks for your answer, but i think i found the problem. Looks like IPSec-ESP Protokoll get's blocked between both devices. On Client-Side i tried to enforce NAT-T and now it works over udp 4500.

Who is online

Users browsing this forum: No registered users and 80 guests