Hi Jerry I don't have specific experience with Cisco at the far end. However are there more that a single subnet at either end of the link?
I have found that some other providers default to "unique" for SA's while the Mikrotik defaults to "require". This can mean that it fails to maintain the SA's properly and will also work on whichever subnet is first used but the others won't work. Can you please advise which RouterOS version you have installed and the RouterBoot version running (System > RouterBoard)? There have been quite a few change log entries in recent versions that reference IPSEC and have added features and squashed bugs. Personally I have 6.34.4 as my version in the network however most of my links are to other Mikrotik routers. Regards Alexander > On 27/05/2016, at 06:23, Roy, Jerry <jerry....@toltsolutions.com> wrote: > > Hey all, > > Need your expertise. We have MikroTik 750's building IPsec tunnels using > aes128 to a Cisco router. Our script initially brings up the tunnel via a > ping (runs 3 pings every minute) and tunnel will run until the lifetime > expires (I believe) but after it expires, it never rebuilds. We have to > manually go in and flush the SA's or kill connections. Any ideas what we can > do to fix this? Lifetimes for ike and IPsec are standard 24 and 8. > > Thanks, > > Jerry > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mail.butchevans.com/pipermail/mikrotik/attachments/20160526/ced13d69/attachment.html> > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
