I have a site-to-site vpn and it is working correctly PH2 State is estabilished and also I see Installed Sas, but I can not ping the router and network computers.
I am using this tutorial and everything works fine but can't ping hosts. https://wiki.mikrotik.com/wiki/Manual:I ... sec_tunnel
Site 1 configuration
Code: Select all
/ip ipsec peer
add address=192.168.80.1/32 auth-method=pre-shared-key secret="test"
Code: Select all
/ip ipsec policy
add src-address=10.1.202.0/24 src-port=any dst-address=10.1.101.0/24 dst-port=any \
sa-src-address=192.168.90.1 sa-dst-address=192.168.80.1 \
tunnel=yes action=encrypt proposal=default
Site 2 configuration
Code: Select all
/ip ipsec peer
add address=192.168.90.1/32 auth-method=pre-shared-key secret="test"
Code: Select all
/ip ipsec policy
add src-address=10.1.101.0/24 src-port=any dst-address=10.1.202.0/24 dst-port=any \
sa-src-address=192.168.80.1 sa-dst-address=192.168.90.1 \
tunnel=yes action=encrypt proposal=default
NAT and Fasttrack Bypass
Office 1 router:
Code: Select all
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=10.1.202.0/24 dst-address=10.1.101.0/24
Code: Select all
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=10.1.101.0/24 dst-address=10.1.202.0/24
Adding Firewall raw Rule
Code: Select all
/ip firewall raw
add action=notrack chain=prerouting src-address=10.1.101.0/24 dst-address=10.1.202.0/24
add action=notrack chain=prerouting src-address=10.1.202.0/24 dst-address=10.1.101.0/24
Thanks and waiting advice using this tuturoial