derjuden
just joined
Topic Author
Posts: 6
Joined: Sat Feb 18, 2012 12:04 am

IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Sat Feb 18, 2012 2:02 am

Hello, I'm pretty new to the Mikrotik routers, but fell instantly in love with the crazy amount of configuration you can do for such a low cost.

I am currently trying to set up a VPN IPSec site-to-site connection between a Mikrotik RB750 and a Cisco RVS4000 small business router we have set up in our lab.
The RVS4000 doesn't give me many configuration options, so I'm having to make my Mikrotik conform to the Cisco.

Here are the settings I'm using on the Cisco RVS4000

Image



Here is the Policy setting on the RB750

Image



Here is the peer setup

Image


Here is the proposal setup

Image


I believe I have everything set right, but the routers are not talking. If anyone can point out what might be wrong, I would appreciate it.

I have read that there are some issues keeping links with Cisco routers going with IPsec; I'm not that concerned with that since this is just for a SIP phone test setup.
 
vik1988
Member Candidate
Posts: 235
Joined: Sun Oct 25, 2009 2:18 pm
Location: India

Re: IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Sat Feb 18, 2012 6:12 am

Dear,

In Cisco, you have configured Phase-2 authentication-3DES and encryption-SHA1, but in Mikrotik at proposal (Phase-2) you have used Auth-MD5 and Encry-3DES.

Second thing, try to change the IPsec protocol to "ESP" in Policy at Mikrotik; Cisco's default IPsec protocol is ESP.
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta
 
derjuden
just joined
Topic Author
Posts: 6
Joined: Sat Feb 18, 2012 12:04 am

Re: IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Mon Feb 20, 2012 6:56 pm

Okay, changed the Mikrotik to "ESP", and phase 1 and phase 2 are using MD5 for auth and 3DES for enc.
Link is still down.
 
vik1988
Member Candidate
Posts: 235
Joined: Sun Oct 25, 2009 2:18 pm
Location: India

Re: IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Wed Feb 22, 2012 9:35 am

Have you flushed the SAs?

And can you show the snapshot again?
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta
 
derjuden
just joined
Topic Author
Posts: 6
Joined: Sat Feb 18, 2012 12:04 am

Re: IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Wed Feb 22, 2012 7:33 pm

Okay, so an update on the IPsec between my RB750 and Cisco RVS4000:
I found Greg Sowell's video tutorials on MikroTik routers, specifically IPsec between Mikrotik and Mikrotik, and between Mikrotik and some more advanced Cisco equipment than my RVS4000.
Here is the link: http://gregsowell.com/?p=1290

The first problem I was having was that I was not sending any interesting traffic across the VPN tunnel, so nothing was showing up in the SA table.
So I started sending a ping across the link from one of my internal LAN ports, not my WAN, on the Mikrotik.

Also, I had Comcast change out my router, give me a static IP address, and turn off the DHCP server on their router/modem combo while doing all this. This threw a huge wrench into what I was doing, and I had to find this thread, http://forum.mikrotik.com/viewtopic.php?f=13&t=44407, on how to set up static WAN IP addresses on my Mikrotik.
I'm still having some issues with this. My WAN port works fine to get to the web and my VPN, but my LAN ports get timeouts. I think something is wrong with my firewall or NAT settings.

I changed the DH encryption bit rate to modp 1024 for both Phase 1 and Phase 2. Set both to 3DES and MD5 for phase 1 and phase 2. Ensured the RVS4000 had the same settings, and once I did, my pings caused the VPN to go live.

So, for anyone else having problems: make sure you have a ping going while you're setting up the VPN connection, from a Mikrotik local port to a local address on the other side.
Also make sure all the settings match on the Mikrotik and the RVS4000, and it should work.
If you watch Greg Sowell's video on VPN, he also suggests adding a SRCNAT rule to your IP --> firewall --> NAT. You want to set any local DHCP Mikrotik traffic going to the local DHCP addresses on the other side of your VPN to be set to action Accept.
Example: source 192.168.1.0/24, dest 192.168.20.0/24, action set to accept, and then move it to the top of the list.
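
Added example, not part of the original post or taken from either router: a Python sketch of the two checks the post above describes, that both peers' phase 1 and phase 2 settings match and that the srcnat accept rule sits above the masquerade rule. The setting values, the catch-all masquerade rule and all function names are constructed for illustration, and the model assumes srcnat is evaluated first-match before the IPsec policy is applied.

```python
import ipaddress

# Constructed sample settings modelled on the thread, not read from real devices.
MIKROTIK = {"phase1": {"enc": "3des", "auth": "md5", "dh": "modp1024"},
            "phase2": {"enc": "3des", "auth": "md5", "pfs": "modp1024", "protocol": "esp"}}
RVS4000 = {"phase1": {"enc": "3des", "auth": "md5", "dh": "modp1024"},
           "phase2": {"enc": "3des", "auth": "sha1", "pfs": "modp1024", "protocol": "esp"}}

# Hypothetical srcnat rules; a rule without src/dst matches any address.
MASQUERADE = {"action": "masquerade"}
BYPASS = {"src": "192.168.1.0/24", "dst": "192.168.20.0/24", "action": "accept"}


def proposal_mismatches(a, b):
    """List (phase, field, a_value, b_value) for every setting that differs."""
    diffs = []
    for phase in sorted(set(a) | set(b)):
        pa, pb = a.get(phase, {}), b.get(phase, {})
        for field in sorted(set(pa) | set(pb)):
            if pa.get(field) != pb.get(field):
                diffs.append((phase, field, pa.get(field), pb.get(field)))
    return diffs


def first_nat_action(rules, src, dst):
    """srcnat is first-match: return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (s in ipaddress.ip_network(rule.get("src", "0.0.0.0/0"))
                and d in ipaddress.ip_network(rule.get("dst", "0.0.0.0/0"))):
            return rule["action"]
    return "none"


def reaches_ipsec_policy(rules, local_net, remote_net):
    """True if LAN-to-LAN traffic keeps its source address, so the policy can match it."""
    src = next(ipaddress.ip_network(local_net).hosts())
    dst = next(ipaddress.ip_network(remote_net).hosts())
    return first_nat_action(rules, str(src), str(dst)) in ("accept", "none")


if __name__ == "__main__":
    for diff in proposal_mismatches(MIKROTIK, RVS4000):
        print("mismatch:", diff)
    for order in ([MASQUERADE, BYPASS], [BYPASS, MASQUERADE]):
        ok = reaches_ipsec_policy(order, "192.168.1.0/24", "192.168.20.0/24")
        print([r["action"] for r in order], "->", "tunnel" if ok else "NATed, policy missed")
```

With the accept rule below the masquerade rule, LAN-to-LAN packets are rewritten to the WAN address and no longer match a policy written for 192.168.1.0/24 to 192.168.20.0/24.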
 
SiB
Member Candidate
Posts: 180
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: IPSec VPN mikrotik RB750 to Cisco RVS4000 help

Thu Sep 15, 2016 4:29 pm

Update with how to create a connection, meaning tunnel up: http://forum.mikrotik.com/viewtopic.php ... 01#p557501
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL | WebChat: Tokonda
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software