I'm having real problems getting a RB/450G to talk to a snapgear 580.
I've tried several different options, but in general I started with the IPSec document listed here:
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
I used the example for the site-to-site, using the details given.
However, I can't get it to pass phase 2 of the IPSec negotiation.
I get these logs from the SG's messages log:
<4>Jan 6 17:03:49 Pluto[666]: "ROS-Test" #2618: starting keying attempt 3 of an unlimited number
<4>Jan 6 17:03:49 Pluto[666]: "ROS-Test" #2620: initiating Quick Mode AGGRESSIVE+PSK+ENCRYPT+TUNNEL+PFS to replace #2618
<4>Jan 6 17:03:49 Pluto[666]: "ROS-Test" #2615: ignoring informational payload, type NO_PROPOSAL_CHOSEN
<4>Jan 6 17:03:49 Pluto[666]: "ROS-Test" #2615: Notification: Pid=1 SPIsz=0 Type=14 Val=\012
<4>Jan 6 17:03:59 Pluto[666]: "ROS-Test" #2615: ignoring informational payload, type NO_PROPOSAL_CHOSEN
<4>Jan 6 17:03:59 Pluto[666]: "ROS-Test" #2615: Notification: Pid=1 SPIsz=0 Type=14 Val=\012
[I'm using aggressive negotiation here, but main mode doesn't solve things either.]
These messages don't turn up anything interesting in my searching and they don't mean much to me otherwise.
Does anyone have any suggestions? [I don't see much (virtually nothing) for logging on the RB side either.]
--
A few details that might be relevant:
Both ends are using static IP's
Both ends are doing NAT for the LAN side of the network.
[And yes, I have the NAT IPTables rule from the example above. (not that that would block phase two success anyway.)]
TIA
-Greg