I want to set up an IPSEC link between Azure and an MT device for my client as a quick workaround when new shops/locations are being installed, to cover the period needed for the permanent setup of network equipment from our provider (which ultimately results in a BGP network where all sites are connected).
Why IPSEC? Because that's the only damn thing allowed in that specific Azure setup for Site 2 Site VPN.
In Azure there are various servers for different purposes (ERP application, file servers, print servers, DNS, AD, ...).
On the local premises there are basically computers, printers and scanners, all connected via cable or wifi.
The aim is that the Azure servers should be able to reach the local printers to print documents generated by servers in the cloud. This works.
Local scanners should be able to drop their scanned documents on file servers located in Azure. This I cannot get to work.
I've followed various guides but can't get it to work both ways. One way only.
This one from Tik about site-to-site config:
https://help.mikrotik.com/docs/display/ ... Ev1)tunnel
This one from Microsoft (older but still useful):
https://learn.microsoft.com/en-us/archi ... k-routeros
Azure setup is copy-paste from a connection to some Watchguard device (and using instructions referenced above). That one works both ways.
I have reached the point where traffic from Azure down to the local network works.
For now this is the most important part when we want to set up a new location.
But I want the other way to work as well. And there I am stuck.
Network diagram:
Mikrotik config (sanitized):
PS: Yes, there is ALSO a WireGuard connection. I need to control that thing from home in case the IPSEC connection doesn't work.
And that WireGuard connection works just fine, no problems there.
FWIW (and the experts will know what to do, I guess)
when pinging from the local network to the Azure server (10.0.1.16), I get a response like this:
Any comments or pointers are more than welcome.
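The sanitized config is not in the post, so nothing here can say what is wrong in this particular setup. The symptom described (Azure to LAN works, LAN to Azure does not) is, however, the one the linked MikroTik site-to-site guide warns about in its NAT bypass section: a generic masquerade rule that runs before the accept rule exempting tunnel traffic, so new LAN-originated connections are rewritten to the WAN address, never match the IPsec policy and never enter the tunnel, while connections initiated from the remote side (and their replies) are unaffected. The following is an added example written for this thread, not code from the poster or from MikroTik. It parses the text of a `/ip firewall nat export` and flags that ordering. The two exports are constructed, and the subnets (10.0.0.0/16 for the Azure VNet, 192.168.88.0/24 for the shop LAN) and the interface name are placeholders that do not come from the post.

```python
"""Ordering check for the IPsec NAT-bypass rule in a RouterOS NAT export.

Hypothetical helper written for this thread, not code from the poster or from
MikroTik. It parses the text of '/ip firewall nat export' and reports whether
the srcnat chain masquerades tunnel traffic before the accept (bypass) rule
that MikroTik's site-to-site IPsec guide places above masquerade.
"""
import re

# Constructed samples. 10.0.0.0/16 stands in for the Azure VNet and
# 192.168.88.0/24 for the shop LAN; neither value comes from the thread.
SAMPLE_EXPORT_BROKEN = """\
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-wan
add action=accept chain=srcnat comment="IPsec bypass" dst-address=10.0.0.0/16 src-address=192.168.88.0/24
"""

SAMPLE_EXPORT_FIXED = """\
/ip firewall nat
add action=accept chain=srcnat comment="IPsec bypass" dst-address=10.0.0.0/16 src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface=ether1-wan
"""

# key=value pairs as printed by export; values may be quoted strings.
KV_RE = re.compile(r'(\S+?)=("[^"]*"|\S+)')


def parse_nat_export(text):
    """Return the 'add' lines under /ip firewall nat as a list of dicts."""
    rules, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            in_section = line == "/ip firewall nat"
        elif in_section and line.startswith("add "):
            rules.append({k: v.strip('"') for k, v in KV_RE.findall(line[4:])})
    return rules


def check_ipsec_bypass(rules, local_net, remote_net):
    """Classify srcnat ordering for traffic local_net -> remote_net.

    'ok'               bypass precedes masquerade, or masquerade already
                       excludes IPsec traffic via ipsec-policy=out,none
    'masquerade-first' masquerade runs first: new LAN->remote connections are
                       rewritten to the WAN address, miss the IPsec policy and
                       leave in the clear, while remote->LAN still works
    'no-bypass'        no accept rule for this src/dst pair
    'no-masquerade'    no masquerade rule, so nothing to bypass
    """
    srcnat = [r for r in rules
              if r.get("chain") == "srcnat" and r.get("disabled") != "yes"]
    bypass_idx = masq_idx = None
    masq_excludes_ipsec = False
    for i, r in enumerate(srcnat):
        if r.get("action") == "masquerade" and masq_idx is None:
            masq_idx = i
            masq_excludes_ipsec = r.get("ipsec-policy") == "out,none"
        if (r.get("action") == "accept" and bypass_idx is None
                and r.get("src-address") == local_net
                and r.get("dst-address") == remote_net):
            bypass_idx = i
    if masq_idx is None:
        return "no-masquerade"
    if masq_excludes_ipsec:
        return "ok"
    if bypass_idx is None:
        return "no-bypass"
    return "ok" if bypass_idx < masq_idx else "masquerade-first"


if __name__ == "__main__":
    for name, export in (("broken", SAMPLE_EXPORT_BROKEN), ("fixed", SAMPLE_EXPORT_FIXED)):
        verdict = check_ipsec_bypass(parse_nat_export(export),
                                     "192.168.88.0/24", "10.0.0.0/16")
        print(f"{name}: {verdict}")
```

The check only looks at srcnat rule order and the src/dst pair, which is the part of the guide that produces exactly this one-way symptom; a firewall filter rule dropping the decrypted traffic, or a mismatched phase 2 selector on the Azure side, would show the same symptom and is not covered here.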