Hi,
We came from Zyxel. We have a site-to-site VPN with one important customer.
We don't know what his hardware is; our focus is creating software.
We do not have a lot of information for establishing an IPsec site-to-site tunnel, so after a lot of tries we got it working. I can explain how it is configured now, but my question is whether it is possible to reproduce it under MikroTik.
Our network:
(local-subnets 172.21.0.0/16)----lan[Mikrotik]wan(192.168.0.2/24)----(192.168.0.1/24)[ISP-Router]nat(188.x.x.x)-----{internet}----(62.97.2.6)wan[Remote-GW-Peer]lan----(remote-subnets)
Our IP (188) and the customer IP (62) are static. The ISP router has NAT traversal enabled.
The info for the VPN:
IKEv1
Phase 1 aes256,sha1,86400
Phase 2 aes128,sha1,28800,DH2 PFS:no
This is simple; I think any VPN router can do this.
Now the complex part:
We need to route the traffic of local LAN 192.168.1.0/24 to the tunnel if the destination IP is in 10.209.21.0/24 or 10.201.24.0/24 or 10.100.9.0/24 and so on.
The second important thing is that we have to present ourselves with IP 10.z.x.y.
Under Zyxel we have:
- VPN connection + VPN gateway + VTI + policy route with SNAT
Is it possible to do this under MikroTik?
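
A sketch of how the setup described in this post could map onto RouterOS, added here as an example and not part of the original post or of MikroTik's documentation. RouterOS IPsec is policy-based, so the Zyxel VTI plus policy route becomes one src-nat rule and one IPsec policy per remote subnet. Assumptions: pre-shared-key authentication, main mode, DH2 (modp1024) belonging to phase 1, the `customer*` names, and the `10.z.x.y` placeholder kept exactly as the post gives it.

```routeros
# Phase 1: IKEv1, aes256 / sha1 / 86400 s (DH group modp1024 is an assumption)
/ip ipsec profile
add name=customer-p1 enc-algorithm=aes-256 hash-algorithm=sha1 \
    dh-group=modp1024 lifetime=1d nat-traversal=yes

# Phase 2: aes128 / sha1 / 28800 s, PFS disabled
/ip ipsec proposal
add name=customer-p2 enc-algorithms=aes-128-cbc auth-algorithms=sha1 \
    lifetime=8h pfs-group=none

# Remote gateway from the post; main mode is an assumption
/ip ipsec peer
add name=customer address=62.97.2.6/32 exchange-mode=main profile=customer-p1

# Authentication method is not stated in the post; PSK assumed, secret is a placeholder
/ip ipsec identity
add peer=customer auth-method=pre-shared-key secret="REPLACE-WITH-PSK"

# One policy per remote subnet. The source is the presented address 10.z.x.y
# (placeholder from the post), because src-nat is applied before policy matching.
/ip ipsec policy
add peer=customer tunnel=yes proposal=customer-p2 level=unique \
    src-address=10.z.x.y/32 dst-address=10.209.21.0/24
add peer=customer tunnel=yes proposal=customer-p2 level=unique \
    src-address=10.z.x.y/32 dst-address=10.201.24.0/24
add peer=customer tunnel=yes proposal=customer-p2 level=unique \
    src-address=10.z.x.y/32 dst-address=10.100.9.0/24

# Destinations that must go through the tunnel
/ip firewall address-list
add list=customer-nets address=10.209.21.0/24
add list=customer-nets address=10.201.24.0/24
add list=customer-nets address=10.100.9.0/24

# Present the LAN as 10.z.x.y toward the customer. This rule must sit above
# the general masquerade rule for the WAN interface.
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 dst-address-list=customer-nets \
    action=src-nat to-addresses=10.z.x.y comment="SNAT into customer tunnel"
```

Because many LAN hosts share one presented address, only connections initiated from the local side work with this layout; each additional remote subnet needs both an address-list entry and a matching policy.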