Configure IPSEC tunnel between Mikrotik 750G [192.168.200.129] with latest RouterOS 5.1 and Cisco 1841 [192.168.200.130].
When using GRE tunnel there is a problem: Mikrotik does not encrypt packets GRE, protocol 47, for a given policy
Code: Select all
/ ip ipsec policy
add action = encrypt disabled = no dst-address = 192.168.200.129/32 dst-port = any \
ipsec-protocols = esp level = require priority = 10 proposal = cisco protocol = 47 \
sa-dst-address = 192.168.200.129 sa-src-address = 192.168.200.130 src-address = \
192.168.200.130/32 src-port = any tunnel = yes
Code: Select all
interface Tunnel1
description MikrotikIPIP
ip address 192.168.8.1 255.255.255.252
ip mtu 1400
tunnel source 192.168.200.129
tunnel destination 192.168.200.130
tunnel protection ipsec profile VTI
If i change mikrotik ipsec policy to protocol ip-encap (#4), I see the outgoing ESP packets that can not decode Cisco.
If i change tunnel type to IPIP and modify policies to proto 4 on both sides everything works! But sometimes IPSEC policies on Mikrotik enters into the state .
Please help solve the problem with GRE tunnel.