Hi everybody,
I'm trying to establish the tunnel Mikrotik - Cisco but I can't do that. In fact I read a lot articles about this but I still have some problems:
--- Side Cisco ---
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key password address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
crypto ipsec profile MyProfile
set transform-set ESP-3DES-SHA
--- Side Mikrotik ---
add payload of len 16, next type 13
add payload of len 16, next type 0
sendmsg (Invalid argument)
sendfromto failed
phase1 negotiation failed due to send error. xx.xx.xx.xx[500]<=>xx.xx.xx.xx[500] 48234ee72dbe88a3:0000000000000000
failed to begin ISAKMP SA negotiation for peer: gre-tunnel
KA: xx.xx.xx.xx[4500]->xx.xx.xx.xx[4500]
1 times of 1 bytes message will be sent to xx.xx.xx.xx[4500]
In the firewall rules the ports 500,4500,1701 has been permitted because I have L2TP running.
More config:
/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade log=no log-prefix=""
0 chain=srcnat action=accept log=no log-prefix="" ipsec-policy=out,ipsec
/ip ipsec> proposal print
Flags: X - disabled, * - default
0 * name="default" auth-algorithms=sha1
enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m
pfs-group=modp1024
Does someone know what's wrong?
Thanks for your time.
John