[Mikrotik] IPSec

Mike Hammett butch-mikrotik at ics-il.net
Sat Jun 7 01:27:46 CDT 2008

I had (obviously incorrectly) assumed that the masquerading would masquerade 
the traffic destined to the remote router as coming from the local router 
instead of the local PC.

Mike Hammett
Intelligent Computing Solutions

----- Original Message ----- 
From: "Butch Evans" <butche at butchevans.com>
To: "Mikrotik discussions" <mikrotik at mail.butchevans.com>
Sent: Saturday, June 07, 2008 12:39 AM
Subject: Re: [Mikrotik] IPSec

> On Fri, 6 Jun 2008, Mike Hammett wrote:
>>I'm trying to setup a 3.10 IPSec tunnel between two Mikrotiks.
>>First off, the manual isn't correct.  I do exactly what they say
>>and I get an error.  As it turns out, you're also required to
>>choose an AH In\Out Algorithm.  It also doesn't explain things
>>well, like ah-spi.
> First, why are you creating a manual-sa?  This is usually not
> necessary and it is easier to not do this manually.  Second
> question: Are you masquerading traffic on the LAN of either side of
> this tunnel?  If so, you have to make an exception for the IPSEC
> policy traffic.  The traffic flow diagram is very clear in this
> regard.
> Use the example titled "IPsec Between two Masquerading MikroTik
> Routers", as it does not require a manual key.
> -- 
> ********************************************************************
> *Butch Evans *Professional Network Consultation *
> *Network Engineering *MikroTik RouterOS    *
> *573-276-2879 *ImageStream                       *
> *http://www.butchevans.com/ *StarOS and MORE                   *
> *Mikrotik Certified Consultant *Wired or Wireless Networks        *
> ********************************************************************
> _______________________________________________
> Mikrotik mailing list
> Mikrotik at mail.butchevans.com
> http://www.butchevans.com/mailman/listinfo/mikrotik

More information about the Mikrotik mailing list