Hello.
I have a BIG problem for my organization. We have over 30 routerboards 411U and 750. We are using them on ATM.
All of them connected via GREvsIpSec to cisco router. And a few times a day tunnel with IpSec down. No packets transmit in SA.
Help only "\ip ipsec installed sa flush". But it's not good.
Mikrotik with mikrotik work perfect.
What can i do to solve this?
----------------------------------------------
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 disabled=no enc-algorithms=3des lifetime=10m name=default pfs-group=modp1024
/ip ipsec peer
add address=x.x.x.x/32 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=10s dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main \
generate-policy=no hash-algorithm=md5 lifebytes=0 lifetime=10m my-id-user-fqdn="" nat-traversal=no port=500 proposal-check=obey secret=\
somepass send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=x.x.x.x/32 dst-port=any ipsec-protocols=esp level=require priority=0 proposal=default protocol=ip-encap \
sa-dst-address=x.x.x.x sa-src-address=y.y.y.y src-address=y.y.y.y/32 src-port=any tunnel=no