Re: [Mikrotik] IPSec Trouble

2014-04-08 Thread Rick Smith
What do you mean by split tunnel?

I've got the standard ip firewall rules in as rule 0 to allow all this back
and forth traffic as un-masq'd.





On Tue, Apr 8, 2014 at 4:01 PM, Jerry Roy wrote:

> Look at your Nat if this is split tunnel.
>
> You should nat thru tunnel and masquerade to internet

Re: [Mikrotik] IPSec Trouble

2014-04-08 Thread Jerry Roy
Split tunnel means allowing traffic destined to the other end to be encrypted
and all the remaining traffic defined straight to the internet, vs. single
tunnel, in which all traffic is encrypted and sent thru the tunnel to the other
side. After I looked at it, you do have split tunnel ;)

*Jerry Roy*
Sr. Systems Engineer
MTCNA/MTCRE/MTCTCE


 1 949 681 5054
1 562 305 9545 Cell

Unity Network Services

*An iPass Company*
125 Technology Drive
Suite 100
Irvine, CA 92618




On Tue, Apr 8, 2014 at 1:45 PM, Rick Smith wrote:

> what do you mean by split tunnel ?
>
> I've got the standard ip firewall rules in as rule 0 to allow all this back
> and forth traffic as un-masq'd.

Re: [Mikrotik] IPSec Trouble

2014-04-08 Thread Jerry Roy
Look at your Nat if this is split tunnel.

You should nat thru tunnel and masquerade to internet

On Tue, Apr 8, 2014 at 12:48 PM, Rick Smith wrote:

> I get the point of initiating from the spoke to the hub...  so, I killed /
> flushed ALL connections on both sides.
> Pinged from the spoke to the other side of the hub, and everything came up
> - remote peers, installed SA's, etc... but I can STILL see the individual
> packets...   That's not good...
___
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
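
Added example, not part of the thread and not any poster's code: a small Python check that reads a RouterOS export like the one requested in this thread and reports whether LAN-to-LAN traffic hits a masquerade rule before a NAT-bypass accept rule, which is the NAT point raised in the message above. The sample export is constructed from the thread's subnets; ether1 as the WAN interface and the rule order are assumptions.

```python
import ipaddress
import shlex

# Constructed spoke-side export using the thread's subnets; the WAN interface
# name (ether1) and the rule order are assumptions for illustration.
SAMPLE_EXPORT = """\
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=accept chain=srcnat dst-address=10.254.254.0/24 \\
    src-address=192.168.88.0/24
/ip ipsec policy
add dst-address=10.254.254.0/24 sa-dst-address=1.1.1.1 \\
    src-address=192.168.88.0/24 tunnel=yes
"""

def parse_export(text):
    """Return {menu: [{param: value}, ...]} for the 'add' lines of an export."""
    menus, current = {}, None
    # Exports wrap long lines with a trailing backslash; join them first.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            tokens = shlex.split(line[4:])
            menus[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def covers(rule, key, addr):
    """True when the rule has no `key` selector or its prefix contains addr.
    Only plain prefixes are handled; ranges and '!' negation are not."""
    if key not in rule:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(rule[key], strict=False)

def first_srcnat_action(menus, src, dst):
    """Action of the first enabled srcnat rule matching src -> dst.
    Interface and port matchers are ignored (treated as matching), which errs
    towards reporting a problem."""
    for rule in menus.get("/ip firewall nat", []):
        if rule.get("chain") != "srcnat" or rule.get("disabled") == "yes":
            continue
        if covers(rule, "src-address", src) and covers(rule, "dst-address", dst):
            return rule.get("action", "accept")
    return None

def audit(export_text, src, dst):
    """Classify one LAN-to-LAN flow: 'no-policy', 'natted-before-ipsec' or 'ok'."""
    menus = parse_export(export_text)
    encrypts = any(
        p.get("action", "encrypt") == "encrypt"
        and "src-address" in p and "dst-address" in p
        and covers(p, "src-address", src) and covers(p, "dst-address", dst)
        for p in menus.get("/ip ipsec policy", [])
    )
    if not encrypts:
        return "no-policy"
    # srcnat runs before the IPsec policy lookup, so a rewritten source address
    # no longer matches the policy's src-address and the packet is not encrypted.
    if first_srcnat_action(menus, src, dst) in ("masquerade", "src-nat"):
        return "natted-before-ipsec"
    return "ok"

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, "192.168.88.10", "10.254.254.20"))
```

Moving the accept rule above the masquerade rule in the sample changes the verdict for the same flow to 'ok'.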


Re: [Mikrotik] IPSec Trouble

2014-04-08 Thread Rick Smith
I get the point of initiating from the spoke to the hub...  so, I killed /
flushed ALL connections on both sides.
Pinged from the spoke to the other side of the hub, and everything came up
- remote peers, installed SA's, etc... but I can STILL see the individual
packets...   That's not good...




On Tue, Apr 8, 2014 at 2:57 PM, Jerry Roy wrote:

> Working? :)


Re: [Mikrotik] IPSec Trouble

2014-04-08 Thread Jerry Roy
Working? :)

On Mon, Apr 7, 2014 at 11:26 AM, Rick Smith wrote:

> Doylestown = Spoke side...
>
> Thanks jerry.


Re: [Mikrotik] IPSec Trouble

2014-04-07 Thread Rick Smith
Doylestown = Spoke side...

Thanks jerry.


On Mon, Apr 7, 2014 at 12:32 PM, Jerry Roy wrote:

> send an export of the spoke side.
>
> Thanks
-- next part --
A non-text attachment was scrubbed...
Name: doylestown_export.rsc
Type: application/octet-stream
Size: 3125 bytes
Desc: not available


Re: [Mikrotik] IPSec Trouble

2014-04-07 Thread Jerry Roy
Looks like the attachment was scrubbed. Email to j...@ipass.com, let's see
if that will work :)

*Jerry*


Re: [Mikrotik] IPSec Trouble

2014-04-07 Thread Jerry Roy
Send an export of the spoke side.

Thanks

*Jerry Roy*


[Mikrotik] IPSec Trouble

2014-04-06 Thread Rick Smith
Guys,

Trying to get some IPSec stuff running here.

We have a cloud router running in a datacenter with a public IP.  I want
remote site to site tunnels running with IPSec configs to tunnel remote
offices here.

Followed the Mikrotik Manual for IPSec Site to Site using the
192.168.80/.90 example, and it worked great on a bench.  When I try to
re-interpret with my actual IPs, I get tunneling back and forth, but
traffic is visible using Torch, and when doing it by the book, it only
showed IPSec and isakmp protocols, which is how I would expect to see
encrypted traffic.

Cloud Router Side - Custom Linux machine with Mikrotik 6.2

let's say public IP is 1.1.1.1

PPTP server running with local address 172.16.0.1 and remote 172.16.0.2 for
this user id.

Local network here is 10.254.254.0/24 - remote network is 192.168.88.0/24

10.254.254.1 is the local lan ether address on ether2



Remote Office Side is a Routerboard 1100AHx2 running 6.11

Dynamic IP Address - actually get a 10.0.0.0/24 address from Comcast

Local network here is 192.168.88.0/24, and local lan is 192.168.88.1 on
ether2

By just using PPTP tunnelling, I can route the networks perfectly.
Everything travels smoothly. Try to encrypt it with IPSec, and I get no
encryption on the tunnel... traffic is still being seen in the clear.
Traffic still routes, but I'm seeing the individual ports being opened
across the tunnel, instead of just an ipsec protocol.



10.254.254.0/24 -> 1.1.1.1 < -- > DynamicIP <- 192.168.88.0/24

One thing I thought would help was having the pptp tunnel in between, with
172.16.0.1 on the cloud side and 172.16.0.2 on the remote office side, and
using those two addresses as the ipsec policy routing / peer IPs, but
that's no go either.

Anyone have suggestions ?

Thanks

Rick