antoniogc
newbie
Topic Author
Posts: 25
Joined: Mon Sep 07, 2009 11:36 am

Ipsec Problem

Mon Sep 07, 2009 12:30 pm

Good morning, I have a problem with IPsec: one MikroTik does not connect to the other. I have 2 RB532A with firmware 2.9.51 and the following configuration:

192.168.36.0/24 LAN eth1(MKT1)eth2 82.X.X.1-----Internet-----82.X.X.2 eth2(MKT2)eth1 LAN 10.2.0.0/16

The data of Ipsec are:

Mikrotik1

Policy print

src-address=192.168.36.0/24:any dst-address=10.2.0.0/16:any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=82.X.X.1 sa-dst-address=82.X.X.2 proposal=default manual-sa=none dont-fragment=clear

peer print

address=82.X.X.2/32:500 secret="prueba" generate-policy=no
exchange-mode=main send-initial-contact=yes proposal-check=obey
hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0

proposal print

name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024

Mikrotik2

Policy print

src-address=10.2.0.0/16/24:any dst-address=192.168.36.0/24:any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=82.X.X.2 sa-dst-address=82.X.X.1 proposal=default manual-sa=none dont-fragment=clear

peer print

address=82.X.X.1/32:500 secret="prueba" generate-policy=no
exchange-mode=main send-initial-contact=yes proposal-check=obey
hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0

proposal print

name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024

What could I be doing wrong?

Regards
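
A consistency check over the values posted above, added here as an example and not part of the original thread: it verifies that each policy subnet parses as CIDR, that the two policies mirror each other, and that the phase 1 peer settings agree. The function names and the trimmed dictionaries are assumptions made for this example.

```python
import ipaddress

# Policy and peer values as posted above, trimmed to the fields this check reads.
MKT1 = {"name": "Mikrotik1",
        "policy": "src-address=192.168.36.0/24:any dst-address=10.2.0.0/16:any "
                  "sa-src-address=82.X.X.1 sa-dst-address=82.X.X.2",
        "peer": 'secret="prueba" exchange-mode=main hash-algorithm=md5 '
                "enc-algorithm=3des dh-group=modp1024"}
MKT2 = {"name": "Mikrotik2",
        "policy": "src-address=10.2.0.0/16/24:any dst-address=192.168.36.0/24:any "
                  "sa-src-address=82.X.X.2 sa-dst-address=82.X.X.1",
        "peer": 'secret="prueba" exchange-mode=main hash-algorithm=md5 '
                "enc-algorithm=3des dh-group=modp1024"}
PHASE1_KEYS = ("secret", "exchange-mode", "hash-algorithm", "enc-algorithm", "dh-group")
MIRRORED = (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address"))

def parse(line):
    """Split 'key=value key=value' print output into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def network(value):
    """Return the subnet in 'a.b.c.d/len:port', or None if it is not valid CIDR."""
    try:
        return ipaddress.ip_network(value.rsplit(":", 1)[0], strict=True)
    except ValueError:
        return None

def check_pair(a, b):
    """Return a list of findings for two routers' policy and peer lines."""
    findings = []
    pa, pb = parse(a["policy"]), parse(b["policy"])
    for name, pol in ((a["name"], pa), (b["name"], pb)):
        for key in ("src-address", "dst-address"):
            if network(pol[key]) is None:
                findings.append(f"{name}: {key}={pol[key]} is not a valid subnet")
    # Selectors and SA endpoints on one side must be the other side's, swapped.
    for x, y in MIRRORED:
        for k1, k2 in ((x, y), (y, x)):
            if pa[k1] != pb[k2]:
                findings.append(f"{a['name']} {k1}={pa[k1]} does not mirror "
                                f"{b['name']} {k2}={pb[k2]}")
    # Phase 1 settings have to agree on both peers.
    ka, kb = parse(a["peer"]), parse(b["peer"])
    for key in PHASE1_KEYS:
        if ka.get(key) != kb.get(key):
            findings.append(f"peer {key} differs: {ka.get(key)} vs {kb.get(key)}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pair(MKT1, MKT2)) or "no findings")
```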
 
Krusty
Frequent Visitor
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Re: Ipsec Problem

Thu Sep 10, 2009 11:38 am

You have to create an IPIP or EoIP tunnel and make IPsec go through it.
 
mrz
MikroTik Support
Posts: 5969
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Ipsec Problem

Thu Sep 10, 2009 11:54 am

There is no need to run one more tunnel, as IPsec is already configured for tunnel mode.

If you have masquerade on those routes, then make sure that you have an accept rule for IPsec traffic.
 
Krusty
Frequent Visitor
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Re: Ipsec Problem

Thu Sep 10, 2009 12:14 pm

mrz wrote:
> There is no need to run one more tunnel, as IPsec is already configured for tunnel mode.
>
> If you have masquerade on those routes, then make sure that you have an accept rule for IPsec traffic.

If I make IPsec only, then it doesn't work. It's from MT v3; before this version IPsec works by itself.
