IPSec Side to Side | One Side behind NAT not working

Posted: Wed Oct 02, 2019 4:03 pm
by n4p
Hi there,
I am currently setting up some IPsec tunnels. On the central side I have two WAN connections: one connection with a static address without NAT and the second one with LTE (behind NAT). Failover etc. is working.

But what I can't get working is the IPsec side-to-side with the static address. If the central side and client side are behind NAT, everything works perfectly. But if I switch back to the static address on the central side, the policy gets established but no traffic goes through the tunnel.

Any idea what's wrong there?

Thanks!
Kind Regards

Re: IPSec Side to Side | One Side behind NAT not working

Posted: Wed Oct 02, 2019 7:37 pm
by sawesa
I'm not very experienced with Mikrotik but I have set up some IPsec tunnels and would be glad to help.

I didn't get where your router is in all this Central Side thing, but anyway, behind the router with the static address, you still have a private address network where you want to deliver traffic, isn't it? So since you are not routing to the internet with the private address, actually you are behind NAT.

Re: IPSec Side to Side | One Side behind NAT not working

Posted: Wed Oct 02, 2019 9:05 pm
by n4p
Hi,
Thanks for your answer, but I think I found the problem. It looks like the IPsec ESP protocol gets blocked between both devices. On the client side I tried to enforce NAT-T and now it works over UDP 4500.
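
Added example, not part of the thread: a small Python classifier for raw IPv4 packets captured on the WAN interface, which tells native ESP (IP protocol 50) apart from ESP wrapped in UDP 4500 (NAT-T, RFC 3948) and reports the "policy established, no traffic" pattern described above. The addresses, SPI and packets are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet by how it carries IPsec traffic."""
    ihl = (pkt[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto = pkt[9]
    if proto == 50:
        return "esp"                          # native ESP, no UDP wrapper
    if proto != 17:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]                      # bytes after the UDP header
    if 500 in (sport, dport):
        return "ike"
    if 4500 in (sport, dport):
        if data == b"\xff":
            return "natt-keepalive"           # RFC 3948 keepalive
        if data[:4] == b"\x00" * 4:
            return "ike"                      # non-ESP marker: IKE on 4500
        return "esp-in-udp"                   # first 4 bytes are a non-zero SPI
    return "other"

def diagnose(packets, local_ip: str) -> str:
    """Summarise a capture taken on the WAN interface of local_ip."""
    local = socket.inet_aton(local_ip)
    seen = {("out" if p[12:16] == local else "in", classify(p)) for p in packets}
    if ("in", "ike") not in seen:
        return "no IKE replies: check UDP 500/4500 reachability"
    if ("in", "esp-in-udp") in seen:
        return "tunnel traffic arrives as ESP-in-UDP (NAT-T)"
    if ("in", "esp") in seen:
        return "tunnel traffic arrives as native ESP"
    if ("out", "esp") in seen:
        return "IKE works, native ESP leaves but none returns: IP protocol 50 is likely filtered"
    return "IKE works, no tunnel traffic captured"

# --- constructed sample packets (documentation addresses, zero checksums) ---
def ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

CENTRAL, CLIENT = "192.0.2.1", "198.51.100.7"
ESP = struct.pack("!II", 0x0C0FFEE1, 1) + b"\x00" * 16   # SPI, sequence, dummy body
BLOCKED = [ipv4(CENTRAL, CLIENT, 17, udp(500, 500, b"\x11" * 28)),
           ipv4(CLIENT, CENTRAL, 17, udp(500, 500, b"\x22" * 28)),
           ipv4(CENTRAL, CLIENT, 50, ESP)]
NATT = BLOCKED[:2] + [ipv4(CENTRAL, CLIENT, 17, udp(4500, 4500, ESP)),
                      ipv4(CLIENT, CENTRAL, 17, udp(4500, 4500, ESP))]
```

`diagnose(BLOCKED, CENTRAL)` reports the filtered-ESP case and `diagnose(NATT, CENTRAL)` reports the working NAT-T case.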