I have established an IPSEC tunnel between Mikrotik routers, both with version 6.49.7. When checking for updates, both routers say they're up to date. Site A has a static AT&T address, Site B has a static Broadband Company address. At Site A, my laptop can ping all addresses at Site B and Winbox will connect to Site B's router. At Site B, my laptop can only ping the router at Site A and Site A router rejects the connection of Winbox from Site B. What am I missing?
Site A - (Jakes) - in addition to the tunnel, Site A has ports forwarded to a telephone switch for outside lines connected by SIP.
Site B - (Midland) - has remote IP phones that need to connect to the telephone switch at Site A and a Backup Server that needs access to the PCs at Site A.
Setup: Site A LAN addresses - 192.168.0.0/24. Site B LAN addresses - 10.10.1.0/24.
Site A (Jakes) IPSEC - Profile: IPSEC to Midland, sha512, auto, aes256, modp2048. All other settings are at default.
Peers: IPSEC Midland, remote static address, Profile - IPSEC to Midland, IKE2, Send initial contact
Identities: Peer - Midland, Pre Shared Key, Secret - entered security key here
Proposal: IKE2 Proposal, sha512, aes256cbc, modp2048
Policies: Peer - IPSEC Midland, Tunnel box checked, Src - 192.168.0.0/24, Dst - 10.10.1.0/24, Protocol all (255)
Action: encrypt, require, esp, use IKE2 proposal
Site B (Midland) IPSEC - Profile: IPSEC to Jakes, sha512, aes256, modp2048. All other settings are at default.
Peers: IPSEC Jakes, remote static address, Profile - IPSEC to Jakes, IKE2, Send initial contact
Identities: Peer - Jakes, Pre Shared Key, Secret - entered security key here
Proposal: IKE2 Proposal, sha512, aes256cbc, modp2048
Policies: Peer - IPSEC Jakes, Tunnel box checked, Src - 10.10.1.0/24, Dst - 192.168.0.0/24, Protocol all (255)
Action: encrypt, require, esp, use IKE2 proposal
These NAT rules have been moved to the top position 0.
NAT rule Site A (Jakes) - src - 192.168.0.0/24, dst - 10.10.1.0/24, Action - accept
NAT rule Site B (Midland) - src - 10.10.1.0/24, dst - 192.168.0.0/24, Action - accept
Site A (Jakes) has filter rules in the Firewall section. I suspect they were created automatically when the port forwarding was done.
Site B (Midland) has no filter rules in the Firewall section.