bejcd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Oct 27, 2005 7:26 pm

IPSec with dynamic peer ...

Wed Oct 24, 2007 11:20 pm

Hello,

Does anybody have experience with how to fill out the IPSec -> Peers -> Address section with a dynamic IP address?

If a remote IPSec firewall dynamically changes its IP, is it possible to somehow manage that from the Mikrotik router locally?

Appreciate all your suggestions.

Thank you,
D.
 
bejcd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Oct 27, 2005 7:26 pm

Re: IPSec with dynamic peer ...

Thu Nov 08, 2007 9:26 pm

Hello again,

By a 'dynamic' address I meant one that is in the form of an A-record (or DNS name ... name.domain.com - not a static IP address).

Thank you,
D.
 
andrewluck
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Re: IPSec with dynamic peer ...

Thu Nov 08, 2007 11:18 pm

You specify the peer address as 0.0.0.0/0 and set the option 'Generate policy' in the peer setup. This will allow connections from different IP addresses. At least one end must have a fixed address.

Regards

Andrew
 
bejcd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Oct 27, 2005 7:26 pm

Re: IPSec with dynamic peer ...

Tue Nov 20, 2007 6:58 pm

Thanks Andrew for your help,

I have already figured it out by myself ... pretty obvious but sometimes it takes some time.

Again, deeply appreciate your help.

D.
 
lgraveman
just joined
Posts: 1
Joined: Tue Feb 05, 2008 5:56 pm

Re: IPSec with dynamic peer ...

Tue Feb 05, 2008 6:30 pm

Hello, Newbie, could you share your case for our reference? We also need help.

graveman
> Thanks Andrew for your help,
>
> I have already figured it out by myself ... pretty obvious but sometimes it takes some time.
>
> Again, deeply appreciate your help.
>
> D.
 
yacsap
Member Candidate
Posts: 110
Joined: Wed Dec 17, 2014 11:44 am
Location: Auckland, New Zealand

Re: IPSec with dynamic peer ...

Mon Sep 03, 2018 11:18 am

> You specify the peer address as 0.0.0.0/0 and set the option 'Generate policy' in the peer setup. This will allow connections from different IP addresses. At least one end must have a fixed address.
>
> Regards
>
> Andrew

Hi Andrew,

In order to achieve a dynamic ipsec peer, is it better to set up Generate policy as port strict or port override? What's the difference?

Cheers! 🥂
[ IMikroTik ] >
 
sindy
Forum Guru
Posts: 5332
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPSec with dynamic peer ...

Mon Sep 03, 2018 11:32 am

10 years ago this choice didn't exist :-) The port-override choice only makes sense when the peer sends incorrect traffic selectors in the proposal; with correct peer implementation, port-strict works fine.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
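
The responder-side setup described in the replies above (peer address 0.0.0.0/0, 'Generate policy' set to port-strict), as an added example that is not part of the original thread. It assumes RouterOS 6.x syntax from before 6.44, where generate-policy is a property of the peer; the group name, subnets and secret are constructed placeholders.

```routeros
# Added example with constructed values; RouterOS 6.x syntax from before 6.44.
# Run on the responder, i.e. the end that has the fixed address.

# Group that dynamically generated policies are checked against.
/ip ipsec policy group
add name=dyn-peers

# Template: a policy is only generated if the traffic selectors proposed by
# the peer fall inside these ranges; anything else fails phase 2.
# 192.168.88.0/24 = local LAN, 10.10.10.0/24 = remote LAN (both constructed).
/ip ipsec policy
add template=yes group=dyn-peers src-address=192.168.88.0/24 dst-address=10.10.10.0/24

# Peer entry that matches any source address. passive=yes makes this router
# wait for the remote end to initiate, since its current address is unknown.
# port-strict takes the ports from the peer's proposal as-is.
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key \
    secret="REPLACE-WITH-LONG-RANDOM-SECRET" \
    generate-policy=port-strict policy-template-group=dyn-peers passive=yes

# Verify which peers are connected and which policies were generated.
/ip ipsec remote-peers print
/ip ipsec policy print
```

Because the peer entry accepts IKE from any address, the secret and the template's address ranges are the only things limiting who can connect and what traffic a generated policy covers, so keep both as narrow as the deployment allows.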
