I have tunel Site2Site beatwin Zywall USG 200 and CCR2004 Established. Since 6.48 tunel works fine after upgrade no tunel still established but communication lost. When I try ping other side of the tunel using LAN interface as outgoind ping works.
Code: Select all
/ip ipsec profile
add dh-group=modp768 name=ph01 nat-traversal=no
/ip ipsec peer
add address=xxx.xxx.xxx.xxx/32 local-address=yyy.yyy.yyy.yyy name=S2S \
profile=ph_1
/ip ipsec proposal
add enc-algorithms=3des name=ph_2
/ip ipsec identity
add peer=S2S_Remote
/ip ipsec policy
add dst-address=10.50.0.0/24 peer=S2S_Remote proposal=ph_2 src-address=\
10.60.0.0/24 tunnel=yes
/ip ipsec profile
add dh-group=modp768 name=ph_1 nat-traversal=yes
/ip ipsec proposal
add enc-algorithms=3des name=ph_2
/ip/firewall/nat> print
Flags: X - disabled, I - invalid; D - dynamic
0 chain=srcnat action=accept src-address=10.60.0.0/24 dst-address=10.50.0.0/24 log=no log-prefix=""
Code: Select all
/tool/ping interface=LAN 10.50.0.1
SEQ HOST SIZE TTL TIME STATUS
0 10.50.0.1 56 63 30ms473us
1 10.50.0.1 56 63 25ms819us
2 10.50.0.1 56 63 40ms302us
3 10.50.0.1 56 63 38ms763us
4 10.50.0.1 56 63 40ms646us
5 10.50.0.1 56 63 35ms823us
6 10.50.0.1 56 63 22ms155us
7 10.50.0.1 56 63 29ms494us
8 10.50.0.1 56 63 35ms558us
sent=9 received=9 packet-loss=0% min-rtt=22ms155us avg-rtt=33ms225us max-rtt=40ms646us
Code: Select all
/tool/ping 10.50.0.1
SEQ HOST SIZE TTL TIME STATUS
0 10.50.0.1 timeout
1 10.50.0.1 timeout
2 10.50.0.1 timeout
3 10.50.0.1 timeout
4 10.50.0.1 timeout
sent=5 received=0 packet-loss=100%