jgonzalez

VPN ipsec tunnel with certificates

Thu Jun 14, 2018 6:12 pm

I have some problems finding tutorials for making this configuration.
My router is a MikroTik 1100dude and I want to connect as a client to an IPsec secure gateway.
The remote router is a Cisco ASA and the tunnel should be encrypted with certificates.

I have the file certificate.p7b correctly imported in my MikroTik 1100, which created three items under system/certificates, one marked as KLT and the other two as LT.
Now I tried to configure the IPsec peer under IPsec/peers/new; in auth method I chose "rsa signature". Now which certificate is the "remote certificate"?
Also, which exchange mode should I use?

I have the following info from the remote peer:
IKE SA(phase1)
IKE version: IKEv1
Auth method: certificate
Encryption: AES-256
Hash: SHA-1
DF group: 5
Life duration: 86400 sec

I know where to correctly use all of these settings, but I don't know where to put this configuration, also supplied by the remote peer:
IPSEC SA(phase 2)
Mode: ESP+AH
Encryption Alg: AES-256
Hash algorithm: SHA-1
PFS: 5
Life duration: 28800sec
Bytes limit: 4608000kbytes

Encryption domain
CNT IP plan: 9.9.9.9/28
Remote IP plan: 1.1.1.1/30

Please help me with the next steps as I can't find any tutorial about it.

Thanks
