I'm trying to setup an ipsec tunnel to a cisco router.
The mikrotik is connected through a 3G stick and gets a private ip address that is then nat-ed by the provider.
I can see that the tunnel is up and that SA's are established but no traffic goes through.
Please note that when I try the same setup with a 3G stick that gets public IP address everything works fine but I have to get it working with the one that only gets private IP (so Mikrotik is behind NAT).
On the cisco i see:
Obi-Wan#show cry isa sa
dst src state conn-id slot status
195.*.*.* 200.*.*.* QM_IDLE 6 0 ACTIVE
195. is address on cisco and 200. is mikrotik nat-ed address.
On the mikrotik I can see SA's. Source is 10.X.X.X (address mikrotik gets from 3G) and destination is 195.X.X.X (cisco) and
another one source 195.X.X.X and destination 10.X.X.X
In Policies I have SA src address 0.0.0.0, and SA dst address 195.X.X.X
Can anyone give me some hint how to solve this?