IPSec/L2TP and NAT

Thu Jan 19, 2012 2:46 am


I've tested a VPN setup with IPSec/L2TP which seems to work as expected, almost.

It works nicely for clients, including NAT'ed ones, as long as there is only one client. If a second client connects from behind the same NAT device, the first tunnel is "replaced".
I believe the problem can be that the generated policies get level=require instead of level=unique.

/ip ipsec peer
/ip ipsec peer add address= auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=xxxx send-initial-contact=no
/ip ipsec policy
0 D src-address=x.x.x.x/x src-port=any dst-address=y.y.y.y/y dst-port=any protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=x.x.x.x sa-dst-address=y.y.y.y/y proposal=default priority=2
Does anyone have any ideas about resolving this?