ironsaddle

IPsec tunnel between Mikrotik and Cisco ASA

Wed Mar 15, 2023 5:15 pm

Hi everyone.

I have a question concerning a secured tunnel between Mikrotik and Cisco ASA that will make it possible to establish BGP between the two of them.
There were discussions here about VTI interfaces, and the conclusion was that VTI is not yet implemented on RouterOS. Likewise, GRE is not implemented in Cisco ASA OS.

However, there is an option in RouterOS which lets you configure an IPIP tunnel interface that uses IPsec (ipsec-secret). After doing this, a dynamic IPsec peer and an IPsec identity based on a default IPsec profile are created (they are needed for IPsec Phase 1). Moreover, if you configure IPsec Phase 1 parameters on the Cisco ASA, a security session will be established - Phase 1 is up (it's seen on both Mikrotik and Cisco ASA).

Unfortunately, it is still not clear how to configure IPsec Phase 2 parameters on Mikrotik for this IPIP tunnel with IPsec. I thought these Phase 2 parameters were described in the default item of the IPsec proposal, but that seems to be wrong. Because of that, the tunnel interface on the Cisco doesn't come up, Mikrotik sees no traffic through its IPIP tunnel, and Phase 2 cannot be established.

Does my intention to create an interface-based IPsec tunnel between Mikrotik and Cisco ASA have no future from the beginning? Or maybe you could clarify what I'm doing/thinking wrong?
