On Thu, 11 Sep 2008, Josh Luthman wrote:
I believe your attachment was stripped off. Can you share the URL to a
website? Rapidshare, megaupload, etc.
All attachments are automatically stripped. The link is below. :-)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.txt
Url:
http://www.butchevans.com/pipermail/mikrotik/attachments/20080911/fc17de11/attachment.txt
What needs to happen is this:
/ ip ipsec policy
add src-address=PRIVATELAN dst-address=REMOTE_SLASH32 \
action=encrypt level=require ipsec-protocols=esp tunnel=yes \
sa-src-address=116.xx.xx.150 sa-dst-address=17.xx.xx.52
proposal="GT Mikrotik" manual-sa=none dont-fragment=clear disabled=no
Replace "PRIVATELAN" with the LAN address or network that the remote
/32 needs to talk to. REMOTE_SLASH32 is, of course, the /32 address
that needs to talk over the vpn. Also, ensure that you have the
exception in your NAT rules (/ip firewall nat) for src-nat for this
specific source and destination.
--
********************************************************************
*Butch Evans *Professional Network Consultation *
*Network Engineering *MikroTik RouterOS *
*573-276-2879 *ImageStream *
*http://www.butchevans.com/ *StarOS and MORE *
*http://blog.butchevans.com/ *Wired or wireless Networks *
*Mikrotik Certified Consultant *Professional Technical Trainer *
********************************************************************
