azurtem

remote end of ipsec tunnel not responding

Wed Oct 29, 2014 11:46 pm

Hi

I have just set up an ipsec tunnel between an RB951G and a Cisco ASA 5505
SHA hash algo and 3DES encryption

I followed the following presentation: http://wiki.mikrotik.com/wiki/MikroTik_ ... wall_IPSEC

The tunnel seems to be up, I have SAs for both directions, though only
one has current bytes (RB => Cisco) and the info appearing in the ipsec
log seems pretty positive

I have pinged a host that is present on the remote LAN, but I get
no response, it just times out

What I can't figure out is how do my packets know how to get to the remote LAN ?
I haven't created an explicit route; only the ipsec policy knows of the association
between our two LANs
I don't know how I would create such a route because I don't have an 'ipsec'
interface to point to

any ideas
thanks
yann
 
azurtem

Re: remote end of ipsec tunnel not responding

Thu Oct 30, 2014 12:16 pm

Two things:

1) I had wrongly indicated my ADSL modem's WAN IP address as SA source, and not my router's WAN IP address.

2) Even though I had created two rules to open ports 500 and 4500, the Orange Livebox wasn't allowing the VPN to properly set up - I used my second uplink instead which is connected to a CCR1009 and all is well - the VPN is up and running. Sweet

thanks
yann

NB
In fact it wasn't necessary to create a route to direct traffic from one LAN to the other on the Mikrotik
I guess the IPsec policy is the one providing this routing functionality
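
A simplified model of the behaviour discussed in this thread, added here as an illustration and not part of the original posts: the router first finds any route for the packet (a default route is enough), then the IPsec policy's source/destination selectors decide whether it is tunnelled, and the SA source has to be an address the router itself holds. All addresses, names and the `process_outbound` function are constructed for this example and are not RouterOS or ASA code.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str     # local LAN selector
    dst: str     # remote LAN selector
    sa_src: str  # this router's tunnel endpoint
    sa_dst: str  # peer's tunnel endpoint

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def lookup_route(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    hits = [(ipaddress.ip_network(n).prefixlen, gw) for n, gw in routes if in_net(dst, n)]
    return max(hits)[1] if hits else None

def process_outbound(src, dst, routes, policies, local_addrs):
    """Route lookup first, then policy selectors pick the traffic to tunnel."""
    gw = lookup_route(routes, dst)
    if gw is None:
        return ("drop", "no route")
    for p in policies:
        if in_net(src, p.src) and in_net(dst, p.dst):
            # Model assumption: the SA source must be one of the router's own addresses.
            if p.sa_src not in local_addrs:
                return ("fail", "sa_src is not an address of this router")
            # The outer (encapsulated) packet is routed towards the peer.
            return ("tunnel", f"{p.sa_src} -> {p.sa_dst} via {lookup_route(routes, p.sa_dst)}")
    return ("plain", f"via {gw}")

# Constructed sample values (private and documentation ranges).
ROUTES = [("0.0.0.0/0", "192.168.1.1")]         # only a default route, none for the remote LAN
ROUTER_ADDRS = {"192.168.88.1", "192.168.1.2"}  # router's LAN and WAN addresses
MODEM_WAN = "203.0.113.10"                      # modem's public address, not held by the router
PEER = "198.51.100.20"
GOOD = Policy("192.168.88.0/24", "10.10.10.0/24", "192.168.1.2", PEER)
BAD = Policy("192.168.88.0/24", "10.10.10.0/24", MODEM_WAN, PEER)

if __name__ == "__main__":
    for name, pol in (("router WAN as SA source", GOOD), ("modem WAN as SA source", BAD)):
        print(name, process_outbound("192.168.88.50", "10.10.10.7", ROUTES, [pol], ROUTER_ADDRS))
    print("other traffic", process_outbound("192.168.88.50", "192.0.2.9", ROUTES, [GOOD], ROUTER_ADDRS))
```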
