I have Cisco 2951 and Mikrotik RB4011iGS+ (6.49.2)
GRE/ipsec tunnel is up, phase2 status is established, but after 30-60 sec is down with error "79.111.xx.xx failed to pre-process ph2 packet."
Lan1: 192.168.50.0/23
Lan2: 192.168.40.0/24
WAN1: 91.211.xx.xx (Microtik)
WAN2: 79.111.xx.xx (Cisco)
GRE1:192.168.210.1/31
GRE2:192.168.210.2/31
Mikrotik config:
Code: Select all
/interface gre
add allow-fast-path=no disabled=yes mtu=1460 name=filial1 remote-address=\
79.111.xx.xx
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des name=filial1
/ip ipsec peer
add address=79.111.xx.xx/32 name=filial1 profile=filial1
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-128-cbc,3des name=filial1
/ip ipsec identity
add comment=filial1 my-id=address:91.211.xx.xx peer=filial1 \
policy-template-group=filial1 secret=MySecret
/ip ipsec policy
set 0 proposal=filial1
add dst-address=79.111.xx.xx/32 level=unique peer=filial1 proposal=filial1 \
protocol=gre src-address=91.211.xx.xx/32
/ip address
add address=192.168.210.1/31 interface=filial1 network=192.168.210.0
/ip route
add distance=1 dst-address=192.168.40.0/24 gateway=192.168.210.2
Code: Select all
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key MySecret address 91.211.xx.xx
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto ipsec profile PROF
set transform-set TSET
interface Tunnel0
description to Office
ip address 192.168.210.2 255.255.255.252
keepalive 10 3
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel destination 91.211.xx.xx
tunnel protection ipsec profile PROF
ip route 192.168.50.0 255.255.255.0 192.168.210.1
access-list 101 permit gre any host 79.111.xx.xx
problem look like this:
viewtopic.php?t=118202
the same config with other mikrotik is work.
Could you help me to resolve this problem?