Page 1 of 1

IPsec problem

Posted: Wed Mar 04, 2020 4:22 pm
by nacu62
hi, i have 2 mikrotiks and i need connection between 2 Routers:
one RB1100Dx4 with v6.46.3 (stable)
and the other: 1100AHx2 v6.46.4 (stable)

i have this conf in ipsec

/ip ipsec profile
add name=profile1 nat-traversal=no
/ip ipsec peer
add address=1.1.1.1 name=peer1 profile=profile1
/ip ipsec proposal
add auth-algorithms=sha1,md5 enc-algorithms=3des name=proposal1
/ip ipsec identity
add peer=peer1 secret="pass123"
/ip ipsec policy
set 0 disabled=yes
/ip ipsec policy
set 0 disabled=yes
add dst-address=192.168.2.0/24 peer=peer1 proposal=proposal1 sa-dst-address=2.2.2.2 sa-src-address=0.0.0.0 src-address=192.168.0.0/23 tunnel=yes


cant see the problem, i see in active peers but dont have traffic

"no phase 2" say in ph2 state, im reading the manual but cant solve this

thanks

Re: IPsec problem

Posted: Wed Mar 04, 2020 11:24 pm
by nacu62
already check the nat and filters, i dont know what its going on, both wans have static ip publics

Re: IPsec problem

Posted: Wed Mar 04, 2020 11:39 pm
by tberg
Looks like your sa-src-address should be 1.1.1.1, not 0.0.0.0

Re: IPsec problem

Posted: Thu Mar 05, 2020 12:57 pm
by nacu62
Looks like your sa-src-address should be 1.1.1.1, not 0.0.0.0
Hi tberg, thanks

that ip: sa-src-address its the status of the policies, change when i modify the peer, in local addres, but my local address is my LAN (192.168.0.1/23), i need the static ip?

anyway i try both and no changes, i will keep trying

Re: IPsec problem

Posted: Fri Mar 06, 2020 1:46 am
by nacu62
well, i put wan in lan and lan in wan

the second time that i read the manual i understand that