Community discussions

MikroTik App
  4. RouterOS
  5. General

ipsec problem

Post Reply
 
hajid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 96
Joined: Wed Mar 30, 2005 10:04 am

ipsec problem

Fri Nov 07, 2008 6:33 am

i try tunnel 2 mikrotik router with ipsec. but stil not success. this my configuration :

i still can't ping to local lan 172.13.1.0/24 or 192.168.10.0/24


[mas@router] /ip ipsec policy> pr
Flags: X - disabled, D - dynamic, I - inactive
0 src-address=172.13.1.0/24:any dst-address=192.168.10.0/24:any protocol=all
action=encrypt level=unique ipsec-protocols=esp tunnel=yes
sa-src-address=x.x.154.50 sa-dst-address=x.x.123.136
proposal=proposal1 manual-sa=none priority=0
[mas@router] /ip ipsec policy> ..
[mas@router] /ip ipsec> peer
[mas@router] /ip ipsec peer> pr
Flags: X - disabled
0 address=x.x.123.136/32:0 auth-method=pre-shared-key
secret="1112131415" generate-policy=yes exchange-mode=main
send-initial-contact=yes nat-traversal=no proposal-check=obey
hash-algorithm=sha1 enc-algorithm=3des dh-group=modp768 lifetime=1d
lifebytes=0 dpd-interval=20s dpd-maximum-failures=1
[mas@router] /ip ipsec peer> ..
[mas@router] /ip ipsec> proposal
[mas@router] /ip ipsec proposal> pr
Flags: X - disabled
0 name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
pfs-group=modp1024

1 name="proposal1" auth-algorithms=md5,sha1 enc-algorithms=3des lifetime=30m
pfs-group=modp1024



[opik@Gateway] /ip ipsec policy> pr
Flags: X - disabled, D - dynamic, I - inactive
0 src-address=192.168.10.0/24:any dst-address=172.13.1.0/24:any protocol=all
action=encrypt level=unique ipsec-protocols=esp tunnel=yes
sa-src-address=x.x.123.136 sa-dst-address=x.x.154.50
proposal=proposal1 manual-sa=none priority=0
[opik@Gateway] /ip ipsec policy> ..
[opik@Gateway] /ip ipsec> peer
[opik@Gateway] /ip ipsec peer> pr
Flags: X - disabled
0 address=x.x.154.50/32:0 auth-method=pre-shared-key secret="1112131415"
generate-policy=yes exchange-mode=main send-initial-contact=yes
nat-traversal=no proposal-check=obey hash-algorithm=sha1
enc-algorithm=3des dh-group=modp768 lifetime=1d lifebytes=0
dpd-interval=20s dpd-maximum-failures=1
[opik@Gateway] /ip ipsec peer> ..
[opik@Gateway] /ip ipsec> proposal
[opik@Gateway] /ip ipsec proposal> pr
Flags: X - disabled
0 name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
pfs-group=modp1024

1 name="proposal1" auth-algorithms=md5,sha1 enc-algorithms=3des lifetime=30m
pfs-group=modp1024


[opik@Gateway] /ip ipsec policy> pr stats
0 ph2-state=no-phase2
[opik@Gateway] /ip ipsec policy> ..
[opik@Gateway] /ip ipsec> installed-sa
[opik@Gateway] /ip ipsec installed-sa> flush
[opik@Gateway] /ip ipsec installed-sa>
Top
 
hajid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 96
Joined: Wed Mar 30, 2005 10:04 am

Re: ipsec problem

Mon Nov 10, 2008 4:41 am

hello guys....any body can help me with ipsec configuration.
Top
Post Reply
  4. RouterOS
  5. General