Community discussions

MikroTik App
 
kefflar
just joined
Topic Author
Posts: 7
Joined: Tue Apr 12, 2011 12:28 pm

Site2Site ROS 7.6 to Zywall USG

Sun Jan 08, 2023 1:46 pm

Hi everyone,

I have tunel Site2Site beatwin Zywall USG 200 and CCR2004 Established. Since 6.48 tunel works fine after upgrade no tunel still established but communication lost. When I try ping other side of the tunel using LAN interface as outgoind ping works.
/ip ipsec profile
add dh-group=modp768 name=ph01 nat-traversal=no
/ip ipsec peer
add address=xxx.xxx.xxx.xxx/32 local-address=yyy.yyy.yyy.yyy name=S2S \
    profile=ph_1
/ip ipsec proposal
add enc-algorithms=3des name=ph_2
/ip ipsec identity
add peer=S2S_Remote
/ip ipsec policy
add dst-address=10.50.0.0/24 peer=S2S_Remote proposal=ph_2 src-address=\
    10.60.0.0/24 tunnel=yes
/ip ipsec profile
add dh-group=modp768 name=ph_1 nat-traversal=yes
/ip ipsec proposal
add enc-algorithms=3des name=ph_2
/ip/firewall/nat> print
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=srcnat action=accept src-address=10.60.0.0/24 dst-address=10.50.0.0/24 log=no log-prefix="" 
/tool/ping interface=LAN 10.50.0.1
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                                                                                  
    0 10.50.0.1                                  56  63 30ms473us 
    1 10.50.0.1                                  56  63 25ms819us 
    2 10.50.0.1                                  56  63 40ms302us 
    3 10.50.0.1                                  56  63 38ms763us 
    4 10.50.0.1                                  56  63 40ms646us 
    5 10.50.0.1                                  56  63 35ms823us 
    6 10.50.0.1                                  56  63 22ms155us 
    7 10.50.0.1                                  56  63 29ms494us 
    8 10.50.0.1                                  56  63 35ms558us 
    sent=9 received=9 packet-loss=0% min-rtt=22ms155us avg-rtt=33ms225us max-rtt=40ms646us
    
/tool/ping 10.50.0.1
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                                                                                  
    0 10.50.0.1                                                    timeout                                                                                                                                                                                 
    1 10.50.0.1                                                    timeout                                                                                                                                                                                 
    2 10.50.0.1                                                    timeout                                                                                                                                                                                 
    3 10.50.0.1                                                    timeout                                                                                                                                                                                 
    4 10.50.0.1                                                    timeout                                                                                                                                                                                 
    sent=5 received=0 packet-loss=100% 
Any sugestions?
 
kefflar
just joined
Topic Author
Posts: 7
Joined: Tue Apr 12, 2011 12:28 pm

Re: Site2Site ROS 7.6 to Zywall USG

Sun Jan 08, 2023 3:25 pm

/ip/route/add dst-address=10.50.0.0/24 gateway=LAN distance=1
Solve the problem. :)

Who is online

Users browsing this forum: No registered users and 20 guests