Hi!
I'm having a problem that you may be able to help me solve. I really hope so!
On Side A I have a Mikrotik 750GR3 (will upgrade to a 4011 later this year) and on Side B a Fortinet (I don't know the model, as it's a vendor's network and I do not have access to it).
I was asked to set up an IPsec VPN tunnel. After some days I managed to establish the tunnel, but now I'm facing a problem with packet flow.
On the IPsec policy I've configured a source address (/30) they provided, and that IP is different from my actual LAN subnet.
I configured this rule in IP Firewall NAT (position 0):
add action=netmap chain=srcnat dst-address=IPSecPolicyDSTAddress src-address=\
LANSEGMENT/24 to-addresses=IPSecPolicySRCAddress
With that NAT srcnat rule configured, I managed to ping from inside my LAN to my IPsec policy dst address (/24 IP), and packets are being sent through the IPsec tunnel (the Outgoing SA packet count increases), but the Incoming SA is still at zero.
I think I'm missing something important... very important... but can't figure out what...
Thanks!