[Mikrotik] IPSec

Mike Hammett butch-mikrotik at ics-il.net
Sat Jun 7 01:27:46 CDT 2008


I had (obviously incorrectly) assumed that the masquerading would masquerade 
the traffic destined to the remote router as coming from the local router 
instead of the local PC.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


----- Original Message ----- 
From: "Butch Evans" <butche at butchevans.com>
To: "Mikrotik discussions" <mikrotik at mail.butchevans.com>
Sent: Saturday, June 07, 2008 12:39 AM
Subject: Re: [Mikrotik] IPSec


> On Fri, 6 Jun 2008, Mike Hammett wrote:
>
>>I'm trying to set up a 3.10 IPSec tunnel between two Mikrotiks.
>>First off, the manual isn't correct.  I do exactly what they say
>>and I get an error.  As it turns out, you're also required to
>>choose an AH In\Out Algorithm.  It also doesn't explain things
>>well, like ah-spi.
>
> First, why are you creating a manual-sa?  This is usually not
> necessary and it is easier to not do this manually.  Second
> question: Are you masquerading traffic on the LAN of either side of
> this tunnel?  If so, you have to make an exception for the IPSEC
> policy traffic.  The traffic flow diagram is very clear in this
> regard.
>
> Use the example titled "IPsec Between two Masquerading MikroTik
> Routers", as it does not require a manual key.
>
> -- 
> ********************************************************************
> *Butch Evans *Professional Network Consultation *
> *Network Engineering *MikroTik RouterOS    *
> *573-276-2879 *ImageStream                       *
> *http://www.butchevans.com/ *StarOS and MORE                   *
> *Mikrotik Certified Consultant *Wired or Wireless Networks        *
> ********************************************************************
> 
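
Why the masquerade exception mentioned in the quoted reply matters, as an added example that is not part of the original messages: a simplified Python model (not RouterOS code) that assumes source NAT is applied before the IPsec policy lookup. All addresses and rule names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the thread).
LAN_A, LAN_B = ip_network("10.1.0.0/24"), ip_network("10.2.0.0/24")
WAN_A = ip_address("192.0.2.1")
ANY = ip_network("0.0.0.0/0")

# The IPsec policy selects traffic by its LAN source and destination.
POLICY = (LAN_A, LAN_B)

MASQUERADE = {"src": LAN_A, "dst": ANY, "action": "masquerade"}
# The exception: accept LAN-to-LAN traffic untranslated, placed first.
EXEMPT = {"src": LAN_A, "dst": LAN_B, "action": "accept"}


def srcnat(src, dst, rules):
    """First matching rule wins, as in a firewall NAT chain."""
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            return WAN_A if r["action"] == "masquerade" else src
    return src


def forward(src, dst, rules):
    """Return how a packet from router A's LAN leaves the router."""
    src, dst = ip_address(src), ip_address(dst)
    natted = srcnat(src, dst, rules)
    # Assumed order: policy lookup sees the header after source NAT.
    if natted in POLICY[0] and dst in POLICY[1]:
        return f"encrypt {natted} -> {dst}"
    return f"cleartext {natted} -> {dst}"


if __name__ == "__main__":
    for name, rules in [("masquerade only", [MASQUERADE]),
                        ("exempt first", [EXEMPT, MASQUERADE]),
                        ("exempt last", [MASQUERADE, EXEMPT])]:
        print(f"{name:16} {forward('10.1.0.10', '10.2.0.20', rules)}")
    print(f"{'internet':16} "
          f"{forward('10.1.0.10', '198.51.100.7', [EXEMPT, MASQUERADE])}")
```

With only the masquerade rule, or with the exception placed after it, the LAN-to-LAN packet no longer matches the policy selectors and leaves unencrypted.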