PortoInfo
just joined
Topic Author
Posts: 7
Joined: Thu May 14, 2015 6:08 pm

VPN IPSec MTK to ASA - Only 1 public IP on one of two Site

Thu May 14, 2015 7:03 pm

Hi,
this is my first topic.
I'm trying to set up an IPsec VPN between a Cisco ASA and an MTK. I found several very helpful tutorials.

I tried with 2 sites with six public IPs each, and everything works fine: the router has the public IP 1.2.3.4, and the MTK has the next one in the pool: 1.2.3.5

I have a problem where the site has only one fixed public IP.
So I tried (not real public IPs!):

----- SITE 1 = HQ (Cisco ASA) ----------(8 public IP)
1)ROUTER WAN with public IP: 8.19.120.131
2)WAN Cisco ASA always public IP: 8.19.120.132
3)static route on the ASA: 0.0.0.0 0.0.0.0 to 8.19.120.131
4)LAN inside the ASA (lan for the clients): 192.168.0.1/24


----- SITE 2 = MTK ----------
1)ROUTER of the provider WAN with public IP: 8.9.10.11
2)ROUTER of the provider inside LAN : 192.168.100.1
3)WAN of MTK: 192.168.100.2
4)LAN inside the MTK (lan for the clients): 192.168.4.1/24

Now the clients on site 2 are able to reach the internet. On the ROUTER at site 2 I forward ports UDP/TCP 500 and UDP/TCP 4500 to the MTK (192.168.100.2).

The IPsec VPN doesn't work.
The traffic for the tunnel should be from 192.168.0.1/24 to 192.168.4.1/24 and vice versa.

On the MTK I see under IP -> IPSec -> Remote Peers:
"Remote Address": 8.19.120.132 (correct, it is the public IP of the ASA)
"Local Address": I see 192.168.100.2, and I think it is not correct: should I see the public IP of site 2?

I hope I was clear.
Thank you.


LAN2-------MTK--------ROUTER-----------***WAN ***---------------ASA------------------LAN1
 
PortoInfo
just joined
Topic Author
Posts: 7
Joined: Thu May 14, 2015 6:08 pm

Re: VPN IPSec MTK to ASA - Only 1 public IP on one of two Site

Fri May 15, 2015 4:25 pm

I found on the web that it is better to set the provider's router in bridge mode and do the PPPoE auth on the MTK.

Has anybody put an Alice Gateway Telecom Italia router in bridge mode?

Tnx
 
troffasky
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: VPN IPSec MTK to ASA - Only 1 public IP on one of two Site

Sun May 17, 2015 2:46 pm

When trying to bring up an IPsec tunnel behind NAT you need to use NAT-T [nat-traversal=yes]. You may also need to manually specify the peer IKE ID at each end.
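
How NAT-T notices that the MTK sits behind the provider router, as an added example that is not part of the original thread: a Python illustration of the IKEv1 NAT-D hash comparison from RFC 3947. The cookies, the SHA-1 hash choice and the assumption that the router keeps source port 500 are constructed; the addresses are the placeholder ones from the first post.

```python
import hashlib
import socket
import struct

def nat_d(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def sender_payloads(cky_i, cky_r, local, remote):
    """NAT-D payloads a peer sends: remote endpoint first, then its own."""
    return nat_d(cky_i, cky_r, *remote), nat_d(cky_i, cky_r, *local)

def receiver_check(cky_i, cky_r, payloads, pkt_src, pkt_dst):
    """Compare received NAT-D hashes with the addresses in the packet headers."""
    d_dst, d_src = payloads
    return {
        "receiver_behind_nat": nat_d(cky_i, cky_r, *pkt_dst) != d_dst,
        "sender_behind_nat": nat_d(cky_i, cky_r, *pkt_src) != d_src,
    }

# Constructed values: cookies are made up; addresses are the thread's placeholders.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
MTK_WAN = ("192.168.100.2", 500)    # what the MTK knows as its own address
SITE2_PUBLIC = ("8.9.10.11", 500)   # provider router after source NAT (port assumed kept)
ASA = ("8.19.120.132", 500)

def mtk_to_asa():
    """MTK sends; the provider router rewrites the source before the ASA sees it."""
    sent = sender_payloads(CKY_I, CKY_R, local=MTK_WAN, remote=ASA)
    return receiver_check(CKY_I, CKY_R, sent, pkt_src=SITE2_PUBLIC, pkt_dst=ASA)

def asa_to_mtk():
    """ASA replies to the public IP; the router forwards it to 192.168.100.2."""
    sent = sender_payloads(CKY_I, CKY_R, local=ASA, remote=SITE2_PUBLIC)
    return receiver_check(CKY_I, CKY_R, sent, pkt_src=ASA, pkt_dst=MTK_WAN)

if __name__ == "__main__":
    print("ASA's view:", mtk_to_asa())
    print("MTK's view:", asa_to_mtk())
```

A hash mismatch on either side is what makes both peers move IKE and ESP to UDP 4500. The MTK listing 192.168.100.2 as its local address is consistent with this, since it only knows its own interface address.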
 
PortoInfo
just joined
Topic Author
Posts: 7
Joined: Thu May 14, 2015 6:08 pm

Re: VPN IPSec MTK to ASA - Only 1 public IP on one of two Site

Thu May 21, 2015 3:45 pm

Hi
I flagged nat-t.
Where do I have to specify the remote peer?
Is there any other point in addition to the IPsec settings?

Tnx in advance.
Paolo.
 
troffasky
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: VPN IPSec MTK to ASA - Only 1 public IP on one of two Site

Fri May 22, 2015 12:28 am

Where you specify the peer, there is a field 'my-id'.

http://wiki.mikrotik.com/wiki/Manual:IP ... figuration

It might work without it though. Try it.