luberfly
just joined
Topic Author
Posts: 13
Joined: Fri Jun 02, 2017 12:31 am
Location: Italy

VPN IPSEC Configuration

Sun Sep 12, 2021 8:12 pm

Hello everybody.
I have the following IPSEC VPN to set up.
Sometimes it is up, sometimes it goes down with an error in phase 2.
Here is the error:

IPSite2 parsing packet failed, possible cause: wrong password
phase1 negotiation failed due to time up IPSite1[500]<=>IPSite2[500] 977443a572ddd95e:a275d2dd2d9595a8

Sometimes after a reboot the VPN returns UP, sometimes not.

Who can help me with the right configuration?

SITE1: Mikrotik RB3011 Package 6.48.4
SITE2: CISCO ASA

SITE1 IP: IPSite1
SITE2 IP: IPSite2

ISAKMP
Encryption algorithm: 3DES
DH Group: 2 (1024)
Hashing algorithm: SHA1
Authentication method: PreShared Key
Pre Shared key: Password
IKE SA lifetime: 28 800 seconds
Does this IP answer ping requests? YES

IPSEC
Encryption: 3DES
Hash: SHA1
D-H Group: 2 (1024)
Perfect Forward Secrecy-IPSEC: YES DH2
IKE SA lifetime: 28 800 seconds
Encryption domain IP_LocalLAN1 (site1) and IP_LocaLAN2 (Site2)

Is this correct?
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des lifetime=8h name=PROFILE1

/ip ipsec peer
add address=IPSITE2 exchange-mode=aggressive local-address=IPSITE1 name=PEER1 profile=PROFILE1

/ip ipsec proposal
add enc-algorithms=3des name=PROPOSAL1

/ip ipsec identity
add peer=PEER1 secret=Password

/ip ipsec policy
add dst-address=IPLocal_LAN2 level=unique peer=PEER1 proposal=PROPOSAL1 src-address=IPLocal_LAN1 tunnel=yes

Best regards
Luca
Last edited by luberfly on Sun Sep 12, 2021 8:29 pm, edited 1 time in total.
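
An added example, not part of the original post and not MikroTik code: a Python check that compares the posted profile and proposal with the parameter sheet, filling unset properties from RouterOS 6 defaults. Those defaults are an assumption to confirm with `print detail` on the router, and the names AGREED, DEFAULTS, parse_export and audit are hypothetical.

```python
import re

# Parameter sheet from the post: phase 1 (ISAKMP) -> profile, phase 2 (IPSEC) -> proposal.
AGREED = {
    "profile": {"enc-algorithm": "3des", "hash-algorithm": "sha1",
                "dh-group": "modp1024", "lifetime": "8h"},  # 28 800 s = 8h
    "proposal": {"enc-algorithms": "3des", "auth-algorithms": "sha1",
                 "pfs-group": "modp1024", "lifetime": "8h"},
}
# ASSUMPTION: RouterOS 6 values used when a property is not set; confirm with `print detail`.
DEFAULTS = {
    "profile": {"enc-algorithm": "aes-128,3des", "hash-algorithm": "sha1",
                "dh-group": "modp2048,modp1024", "lifetime": "1d"},
    "proposal": {"enc-algorithms": "aes-256-cbc,aes-192-cbc,aes-128-cbc",
                 "auth-algorithms": "sha1", "pfs-group": "modp1024", "lifetime": "30m"},
}
# Profile, peer and proposal lines as posted above.
EXPORT = """\
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des lifetime=8h name=PROFILE1
/ip ipsec peer
add address=IPSITE2 exchange-mode=aggressive local-address=IPSITE1 name=PEER1 profile=PROFILE1
/ip ipsec proposal
add enc-algorithms=3des name=PROPOSAL1
"""

def parse_export(text):
    """Return {menu: [{property: value}, ...]} for 'add' lines under /ip ipsec menus."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/ip ipsec "):
            current = line.split()[-1]
        elif line.startswith("add ") and current:
            menus.setdefault(current, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(text):
    """List (menu, property, effective, agreed, source) where effective != agreed."""
    findings = []
    menus = parse_export(text)
    for menu, wanted in AGREED.items():
        for entry in menus.get(menu, []):
            for prop, agreed in wanted.items():
                source = "set" if prop in entry else "default"
                effective = entry.get(prop, DEFAULTS[menu][prop])
                if effective != agreed:
                    findings.append((menu, prop, effective, agreed, source))
    return findings
```

On the posted export, `audit(EXPORT)` reports one difference: the proposal sets no lifetime, so the assumed 30m default applies instead of the 28 800 seconds on the sheet.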
 
lfoerster
newbie
Posts: 36
Joined: Mon Mar 07, 2022 1:29 pm

Re: VPN IPSEC Configuration

Mon Mar 14, 2022 6:07 pm

Maybe an IOS example helps to solve the issue:
https://administrator.pro/contentid/2145635754
