just joined
Topic Author
Posts: 11
Joined: Thu Jun 17, 2010 6:21 pm


Tue Jan 12, 2021 9:37 am

Hi all,

Looking to do an IPSEC to an ASA already configured. However, I am struggling with getting the phase 1 and 2 settings to match. Right now it simply does not come up.

My local subnet:,
Remote Subnet:,

The OLD ASA config (Mikrotik replaced the box)

crypto ipsec ikev1 transform-set aes256-md5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal PS-AP
 protocol esp encryption 3des
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto map VPN 10 match address PS-AP-VPN
crypto map VPN 10 set peer
crypto map VPN 10 set ikev1 transform-set aes256-md5
crypto map VPN 10 set ikev2 ipsec-proposal PS-AP
crypto map VPN 10 set ikev2 pre-shared-key [1234]
crypto map VPN interface outside
crypto ca trustpool policy
crypto ikev2 policy 2
 encryption 3des
 integrity sha
 group 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400

tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 ikev1 pre-shared-key [1234]
 ikev2 remote-authentication pre-shared-key [1234]
 ikev2 local-authentication pre-shared-key [1234]
Forum Guru
Posts: 6660
Joined: Mon Dec 04, 2017 9:19 pm


Tue Jan 12, 2021 10:51 am

Where's the Mikrotik configuration you've set up so far?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
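
Added example, not part of either post and not code from MikroTik or Cisco: a small Python parser that reads the ASA lines quoted in the first post and lists, per IKE version, the phase 1 and phase 2 parameters the other end has to match. The function names, the output layout and the `modpNNNN` naming of Diffie-Hellman groups are choices made for this example.

```python
import re

# Subset of the ASA lines from the first post (names and peer address are elided there).
ASA_CONFIG = """\
crypto ipsec ikev1 transform-set aes256-md5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal PS-AP
 protocol esp encryption 3des
 protocol esp integrity sha-1
crypto ikev2 policy 2
 encryption 3des
 integrity sha
 group 2
 lifetime seconds 86400
crypto ikev1 policy 5
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
"""
DH_GROUPS = {"2": "modp1024", "5": "modp1536", "14": "modp2048"}  # MODP sizes, RFC 2409/3526

def parse_asa(text):
    """Group indented sub-commands under their parent 'crypto ...' line."""
    blocks, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and current is not None:
            *key, value = line.split()          # last word is the value, the rest is the key
            blocks[current][" ".join(key)] = value
        else:
            current = line.strip()
            blocks[current] = {}
    return blocks

def peer_requirements(blocks):
    """Return {ike_version: {phase: params}} that the remote peer has to match."""
    req = {"ikev1": {}, "ikev2": {}}
    for header, o in blocks.items():
        if m := re.match(r"crypto (ikev[12]) policy \d+$", header):
            req[m[1]]["phase1"] = {
                "encryption": o["encryption"], "hash": o.get("hash") or o.get("integrity"),
                "dh_group": DH_GROUPS[o["group"]],
                "lifetime_s": int(o.get("lifetime") or o["lifetime seconds"])}
        elif m := re.match(r"crypto ipsec ikev1 transform-set \S+ esp-(\S+) esp-(\S+)-hmac$", header):
            req["ikev1"]["phase2"] = {"encryption": m[1], "integrity": m[2]}
        elif re.match(r"crypto ipsec ikev2 ipsec-proposal \S+$", header):
            req["ikev2"]["phase2"] = {"encryption": o["protocol esp encryption"],
                                      "integrity": o["protocol esp integrity"]}
    return req

print(peer_requirements(parse_asa(ASA_CONFIG)))
```

The output shows that the IKEv1 and IKEv2 definitions on this ASA use different algorithm sets, so the remote side has to match the set belonging to the IKE version it actually negotiates.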
