Code: Select all
# dec/11/2022 22:50:16 by RouterOS 6.49.7
# software id = UNB8-ZRER
#
# model = RB951G-2HnD
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-128 name=ike1-site2
/ip ipsec peer
add address=192.168.1.31/32 name=ike1-site2 profile=ike1-site2
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=ike1-site2 pfs-group=modp2048
/ip address
add address=192.168.1.30/24 interface=ether1 network=192.168.1.0
add address=10.1.202.1/24 interface=ether2 network=10.1.202.0
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip firewall nat
add action=accept chain=srcnat dst-address=10.1.101.0/24 src-address=\
10.1.202.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip firewall raw
add action=notrack chain=prerouting dst-address=10.1.202.0/24 src-address=\
10.1.101.0/24
add action=notrack chain=prerouting dst-address=10.1.101.0/24 src-address=\
10.1.202.0/24
/ip ipsec identity
add peer=ike1-site2 secret=thisisnotasecurepsk
/ip ipsec policy
add dst-address=10.1.101.0/24 peer=ike1-site2 proposal=ike1-site2 \
src-address=10.1.202.0/24 tunnel=yes
/ip route
add distance=1 gateway=192.168.1.10
/system identity
set name=MikroTikSiteA
Code: Select all
# dec/11/2022 22:58:13 by RouterOS 6.49.7
# software id = 87F0-5BWF
#
# model = 750
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-128 name=ike1-site1
/ip ipsec peer
add address=192.168.1.30/32 name=ike1-site1 profile=ike1-site1
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=ike1-site1 pfs-group=modp2048
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=192.168.1.31/24 interface=ether1 network=192.168.1.0
add address=10.1.101.1/24 interface=ether2 network=10.1.101.0
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip firewall nat
add action=accept chain=srcnat dst-address=10.1.202.0/24 src-address=\
10.1.101.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip firewall raw
add action=notrack chain=prerouting dst-address=10.1.202.0/24 src-address=\
10.1.101.0/24
add action=notrack chain=prerouting dst-address=10.1.101.0/24 src-address=\
10.1.202.0/24
/ip ipsec identity
add peer=ike1-site1 secret=thisisnotasecurepsk
/ip ipsec policy
add dst-address=10.1.202.0/24 peer=ike1-site1 proposal=ike1-site1 \
src-address=10.1.101.0/24 tunnel=yes
/ip route
add distance=1 gateway=192.168.1.10
/system identity
set name=MikroTikSiteB
/tool user-manager database
set db-path=user-manager