Community discussions

MUM Europe 2020
 
anaktos
newbie
Topic Author
Posts: 27
Joined: Wed Feb 10, 2010 8:55 pm
Location: Rosario - Argentina

Mikrotik as Ipsec Concentrator and Client

Mon Oct 09, 2017 7:19 pm

I need to do this on RB3011:

Site 1 (cisco) -------Ipsec--(Internet)---------> RB3011 (Ipsec concentrator) ----------------Ipsec--(Internet)--------->Site 5 (Cisco)
Site 2 (cisco) -------Ipsec--(Internet)-----------^
Site 3 (cisco) -------Ipsec--(Internet)-------------^
Site 4 (cisco) -------Ipsec--(Internet)---------------^


It´s possible?
Any recomendation?
You do not have the required permissions to view the files attached to this post.
______
MTCNA
 
pe1chl
Forum Guru
Forum Guru
Posts: 6249
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik as Ipsec Concentrator and Client

Mon Oct 09, 2017 11:29 pm

Do you configure all the routers? Or at least have detailed info how they are configured? That is very important for such a setup to succeed.
Configuring IPsec while treating the other end as a blackbox is very difficult and time-consuming!
 
anaktos
newbie
Topic Author
Posts: 27
Joined: Wed Feb 10, 2010 8:55 pm
Location: Rosario - Argentina

Re: Mikrotik as Ipsec Concentrator and Client

Tue Oct 10, 2017 2:41 pm

Hello pe1chl, not only I am going to form the RB3011.

In the sites 1,2,3,4 I have to send to them the information to establish the tunnel Ipsec.

For the connection to the site 5, they have to give me the information of the connection, my RB acts like client
______
MTCNA
 
pe1chl
Forum Guru
Forum Guru
Posts: 6249
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik as Ipsec Concentrator and Client

Tue Oct 10, 2017 2:53 pm

It can be done but it will not be a beginner's job...
Or of course you could be lucky and it could work 1st try.
My recommendation: configure GRE over IPsec transport, not plain IPsec tunnel.
Configure each GRE tunnel with a /30 network address from some unused range.
Use static routes or some routing protocol. (BGP, OSPF)

Who is online

Users browsing this forum: Baidu [Spider], ckleea, nemoforum, raybs, Valentin and 111 guests