Details:
Local network: 10.10.0.0/16
Remote networks: 172.16.70.0/24 172.16.71.0/24
Local Public IP: 195.10.10.20
Remote Public IP: 202.10.10.20

/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=\
    aes-256 lifetime=1h name=default pfs-group=modp1536

/ip ipsec peer
add address=202.10.10.20/32:500 auth-method=pre-shared-key comment="" \
    dh-group=modp1536 disabled=no dpd-interval=disable-dpd \
    dpd-maximum-failures=2 enc-algorithm=aes-256 exchange-mode=aggressive \
    generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=5h \
    nat-traversal=no proposal-check=obey secret=secretskey12345 \
    send-initial-contact=no

/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=172.16.70.0/24:any \
    ipsec-protocols=esp level=require priority=0 proposal=default protocol=\
    all sa-dst-address=202.10.10.20 sa-src-address=195.10.10.20 \
    src-address=10.10.0.0/16:any tunnel=yes
add action=encrypt comment="" disabled=no dst-address=172.16.71.0/24:any \
    ipsec-protocols=esp level=require priority=0 proposal=default protocol=\
    all sa-dst-address=202.10.10.20 sa-src-address=195.10.10.20 \
    src-address=10.10.0.0/16:any tunnel=yes

Firewall: NAT
/ip firewall nat
add action=accept chain=srcnat comment="" disabled=yes dst-address=\
    172.16.70.0/24 src-address=10.10.0.0/16
add action=accept chain=srcnat comment="" disabled=yes dst-address=\
    172.16.71.0/24 src-address=10.10.0.0/16

Note: This has to be inserted above all masquerade rules

Routing: None

Once the tunnels are up Mikrotik does its thing. I will try and get the cisco config posted as well.

Kurt
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik
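A consistency check for the NAT-bypass requirement in the post above (an added example, not code from the post or from MikroTik): it parses a RouterOS export with backslash continuations and flags any encrypt policy whose srcnat accept rule is missing, disabled, or ordered below a masquerade rule, so that traffic to the remote networks is not masqueraded before policy matching. The export it runs over is constructed from the post's addresses; the masquerade rule and its `ether1` interface are assumptions.

```python
import ipaddress
import re
# Constructed export (not the poster's) using the post's addresses; the second accept rule is disabled and below masquerade on purpose.
SAMPLE_EXPORT = """\
/ip ipsec policy
add action=encrypt dst-address=172.16.70.0/24:any protocol=\\
    all src-address=10.10.0.0/16:any tunnel=yes
add action=encrypt dst-address=172.16.71.0/24:any src-address=10.10.0.0/16:any tunnel=yes
/ip firewall nat
add action=accept chain=srcnat disabled=no dst-address=\\
    172.16.70.0/24 src-address=10.10.0.0/16
add action=masquerade chain=srcnat out-interface=ether1
add action=accept chain=srcnat disabled=yes dst-address=172.16.71.0/24 src-address=10.10.0.0/16
"""

def parse_export(text):
    """Join backslash continuations, then collect 'add' lines under each section."""
    joined = re.sub(r"\\\n\s*", "", text)
    sections, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            current.append(dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line)))
    return sections

def net(addr):
    """Policy addresses are printed as 'net/len:port'; keep only the network."""
    return ipaddress.ip_network(addr.split(":")[0])

def check_nat_bypass(sections):
    """Return problems; empty means each encrypt policy has an enabled bypass above masquerade."""
    nat = sections.get("/ip firewall nat", [])
    first_masq = next((i for i, r in enumerate(nat) if r.get("action") == "masquerade"), len(nat))
    problems = []
    for p in [x for x in sections.get("/ip ipsec policy", []) if x.get("action") == "encrypt"]:
        src, dst = net(p["src-address"]), net(p["dst-address"])
        hits = [(i, r) for i, r in enumerate(nat)
                if r.get("chain") == "srcnat" and r.get("action") == "accept"
                and net(r.get("src-address", "0.0.0.0/0")) == src
                and net(r.get("dst-address", "0.0.0.0/0")) == dst]
        if not hits:
            problems.append(f"{src}->{dst}: no srcnat accept rule")
        elif hits[0][1].get("disabled") == "yes":
            problems.append(f"{src}->{dst}: accept rule is disabled")
        elif hits[0][0] > first_masq:
            problems.append(f"{src}->{dst}: accept rule is below masquerade")
    return problems
```

Run against a real `/export` dump, the first policy passes and the second is reported because its bypass rule is disabled; fixing the ordering and the disabled flag empties the list.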