Guys, Trying to get some ipSEC stuff running here.
We have a cloud router running in a datacenter with a public IP. I want remote site to site tunnels running with IPSec configs to tunnel remote offices here. Followed the Mikrotik Manual for IPSec Site to Site using the 192.168.80/.90 example, and it worked great on a bench. When I try to re-interpret with my actual IP's, I get tunneling back and forth, but traffic is visible using Torch and when doing it by the book, it was only showed IPSec and isakmp protocols, which is how I would expect to see encrypted traffic. Cloud Router Side - Custom Linux machine with Mikrotik 6.2 let's say public IP is 1.1.1.1 PPTP server running with local address 172.16.0.1 and remote 172.16.0.2 for this user id. Local network here is 10.254.254.0/24 - remote network is 192.168.88.0/24 10.254.254.1 is the local lan ether address on ether2 Remote Office Side is a Routerboard 1100AHx2 running 6.11 Dynamic IP Address - actually get a 10.0.0.0/24 address from Comcast Local network here is 192.168.88.0/24, and local lan is 192.168.88.1 on ether2 By just using PPTP tunnelling, I can route the networks perfectly. Everthing travels smoothly.Try to encrypt it with IPSec, and I get no encryption on the tunnel... traffic is still being seen in the clear. Traffic still routes, but I'm seeing the indvidual ports being opened across the tunnel, instead of just an ipsec protocol.... 10.254.254.0/24 -> 1.1.1.1 < -- > DynamicIP <- 192.168.88.0/24 On thing I thought would help was having the pptp tunnel in between, with 172.16.0.1 on the cloud side and 172.16.0.2 on the remote office side, and using those two addresses as the ipsec policy routing / peer IP's, but that's no go either. Anyone have suggestions ? Thanks Rick -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140406/6158a3cf/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
