Hi all,

Since I have finally established dynamic IPSec tunnel between two Mikrotik, I would like to know if anyone had any success doing dynamic IPSec tunnel with other vendor. We are in the process of replacing a lot of RV042 but would like to do so without replacing them all at once. Also bigger customers use Netscreen 25 appliances and we would like to keep them for the moment.

Reading the log on the Netscreen, I think MT uses its IP has PEER ID, that will cause issue when IP would be different.

Also, still looking to find usefull log on the IPSec from my Mikrotik side, is there something I should do or go to get more ifo on the connection status of my tunnel.

Sabrina

By dynamic IPSec tunnel do you mean a failover tunnel? (that is, if one wan link breaks, the tunnel is stablished by other wan link?)

I'd like to see this, because I'd like to implement as well. Could you post it?.

I've setup ipsec between mikrotik an openswan in linux, I can give you details if you need, but is fairly simple.

David,

no, what I meant was an IPSec tunel from a dynamic, not reserved IP site to a fixed IP. But strangely I would also need to do multiple tunnel scenario, but can you just prioritized the routing table using metrics?

Sabrina

but can you just prioritized the routing table using metrics

No because you can't have 2 tunnels between 2 lans with the same policy (src and dst address)
You have to change it "dinamically" when some connection dies. (not sure but with netwatch and a script?) I'm new to routeros.