RouterOS --- CISCO ---- Internet(IPSEC) ----- Mikrotik
RouterOS:
LAN: 192.168.8.1
WAN: 192.168.230.246(yes this is still private)
CISCO:
LAN: 192.168.230.1
WAN: x.x.x.x (some public IP)
I am a total beginner in the MikroTik environment, but I have some experience in networking; I am totally new to IPsec tunneling, though. I wanted to create a tunnel to the MikroTik device (our client's), but it's not working. Below is my config.
#RouterOS
/interface bridge add name=BR_LOOP disabled=no
# Source-NAT LAN traffic bound for 172.15.0.0/16 to the loopback address so it matches the policy's src-address
# (parameter is to-addresses in RouterOS, not to-address)
/ip firewall nat
add action=src-nat chain=srcnat disabled=no to-addresses=172.15.46.254/32 dst-address=172.15.0.0/16 place-before=0 comment="MUST BE FIRST RULE"
# IPIP tunnel from the private WAN address to the remote public IP; IKE/ESP run between the tunnel addresses below
/interface ipip
add disabled=no dscp=0 remote-address=xx.xx.xx.xx mtu=1480 name=ipipTest local-address=192.168.230.246
/ip address
add address=10.1.0.22/30 disabled=no interface=ipipTest
add address=172.15.46.254/32 disabled=no interface=BR_LOOP
# Phase 2 proposal (note: the policy below references the built-in "default" proposal, not proposal1)
/ip ipsec proposal
add auth-algorithms=md5 disabled=no enc-algorithms=3des lifetime=30m name=proposal1 pfs-group=none
# Phase 2 policy: encrypt 172.15.46.254/32 -> 172.16.0.0/16, SA endpoints are the IPIP tunnel addresses
/ip ipsec policy
add action=encrypt comment="RouterOS" disabled=no src-address=172.15.46.254/32 dst-port=any \
ipsec-protocols=esp level=require priority=0 proposal=default protocol=all sa-src-address=10.1.0.22 \
sa-dst-address=10.0.0.21 dst-address=172.16.0.0/16 src-port=any tunnel=yes
# Phase 1 peer: IKE main mode with a pre-shared key to the far end of the IPIP tunnel
/ip ipsec peer
add address=10.0.0.21/32 auth-method=pre-shared-key comment="Remote" dh-group=modp1024 \
disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main \
generate-policy=no hash-algorithm=md5 lifebytes=0 lifetime=1d my-id-user-fqdn="" nat-traversal=no \
port=500 proposal-check=obey secret=SOMESECRET send-initial-contact=yes
-----
1. Since my MikroTik RouterOS is behind a Cisco router, what port do I need to forward, or how do I forward the incoming packets to the local IP?
2. How do I check peer logs?
3. What am I missing here, please?
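The following is an added example, not code from the post or from MikroTik: a small Python script that parses export-style RouterOS lines (including backslash continuations) and checks the IPsec policy, peer, NAT and IPIP entries against each other for the kind of selector mismatch that leaves a policy never matching any traffic. The sample config is constructed from the posted one, with the src-nat parameter spelled `to-addresses` (the RouterOS name) and the remote public address left as the poster's placeholder; the checks themselves (proposal referenced exists, SA endpoints are configured locally and as a peer, NAT target and destination line up with the policy selectors, private IPIP local address implies the upstream NAT must pass IP protocol 4) are this example's own assumptions about a consistent setup, not RouterOS rules or the thread's answer.

```python
"""Consistency checks for a RouterOS IPsec-over-IPIP configuration (added example)."""
import ipaddress
import shlex

# Constructed sample: the poster's config with `to-addresses` as the parameter name.
SAMPLE = r"""
/interface bridge add name=BR_LOOP disabled=no
/ip firewall nat
add action=src-nat chain=srcnat to-addresses=172.15.46.254/32 dst-address=172.15.0.0/16 comment="MUST BE FIRST RULE"
/interface ipip
add remote-address=xx.xx.xx.xx mtu=1480 name=ipipTest local-address=192.168.230.246
/ip address
add address=10.1.0.22/30 interface=ipipTest
add address=172.15.46.254/32 interface=BR_LOOP
/ip ipsec proposal
add auth-algorithms=md5 enc-algorithms=3des lifetime=30m name=proposal1 pfs-group=none
/ip ipsec policy
add action=encrypt src-address=172.15.46.254/32 dst-address=172.16.0.0/16 \
    proposal=default sa-src-address=10.1.0.22 sa-dst-address=10.0.0.21 tunnel=yes
/ip ipsec peer
add address=10.0.0.21/32 auth-method=pre-shared-key exchange-mode=main \
    nat-traversal=no secret=SOMESECRET
"""


def parse_routeros(text):
    """Map each section (e.g. '/ip ipsec policy') to its list of `add` entries as dicts."""
    sections, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):            # CLI continuation line: join with the next one
            pending += line[:-1] + " "
            continue
        tokens = shlex.split(pending + line)  # shlex handles quoted values with spaces
        pending = ""
        if tokens[0].startswith("/"):      # section header, possibly with an inline `add`
            cut = tokens.index("add") if "add" in tokens else len(tokens)
            section = " ".join(tokens[:cut])
            sections.setdefault(section, [])
            tokens = tokens[cut:]
        if tokens and tokens[0] == "add" and section:
            sections[section].append(dict(tok.partition("=")[::2] for tok in tokens[1:]))
    return sections


def check_ipsec(cfg):
    """Return human-readable findings; an empty list means no inconsistency was found."""
    findings = []
    proposals = {p.get("name") for p in cfg.get("/ip ipsec proposal", [])} | {"default"}
    peers = {ipaddress.ip_interface(p["address"]).ip
             for p in cfg.get("/ip ipsec peer", []) if "address" in p}
    local = {ipaddress.ip_interface(a["address"]).ip for a in cfg.get("/ip address", [])}
    snat = [n for n in cfg.get("/ip firewall nat", []) if n.get("action") == "src-nat"]

    for pol in cfg.get("/ip ipsec policy", []):
        if pol.get("proposal", "default") not in proposals:
            findings.append(f"policy uses undefined proposal {pol['proposal']!r}")
        sa_src, sa_dst = pol.get("sa-src-address"), pol.get("sa-dst-address")
        if sa_src and ipaddress.ip_address(sa_src) not in local:
            findings.append(f"sa-src-address {sa_src} is not configured under /ip address")
        if sa_dst and ipaddress.ip_address(sa_dst) not in peers:
            findings.append(f"sa-dst-address {sa_dst} has no matching /ip ipsec peer")
        src_net = ipaddress.ip_network(pol["src-address"], strict=False)
        dst_net = ipaddress.ip_network(pol["dst-address"], strict=False)
        for nat in snat:
            nat_dst = ipaddress.ip_network(nat["dst-address"], strict=False)
            if nat_dst != dst_net:
                findings.append(f"src-nat dst-address {nat_dst} differs from policy dst-address "
                                f"{dst_net}: translated packets do not match the policy selectors")
            nat_to = ipaddress.ip_interface(nat["to-addresses"]).ip
            if nat_to not in src_net:
                findings.append(f"src-nat to-addresses {nat_to} lies outside policy src-address {src_net}")

    for tun in cfg.get("/interface ipip", []):
        if ipaddress.ip_address(tun["local-address"]).is_private:
            findings.append(f"ipip {tun['name']} local-address {tun['local-address']} is private: "
                            "the upstream NAT router must forward IP protocol 4 (IPIP) to it")
    return findings


def audit_sample():
    """Run the checks on the constructed sample config."""
    return check_ipsec(parse_routeros(SAMPLE))


if __name__ == "__main__":
    for finding in audit_sample():
        print("-", finding)
```

On the sample this reports two findings: the NAT rule translates traffic for 172.15.0.0/16 while the policy encrypts traffic for 172.16.0.0/16, and the IPIP tunnel's local address is private, so the router in front of it has to pass protocol 4 through to 192.168.230.246. The other checks (proposal name, SA endpoints, NAT target inside the policy source) pass.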