PortoInfo
just joined
Topic Author
Posts: 7
Joined: Thu May 14, 2015 6:08 pm

VPN IPSec MTK <---> MTK behind NAT.

Fri Jun 05, 2015 11:14 am

Sorry, but I have this problem and I can't find a solution.
I have found other people with this problem.

I have some customers with an Internet connection with only one static public IP address.
The provider's router has this IP and I cannot relay this IP on the RouterBoard 750GL.

I found this schema in another topic:
VPN_Design.jpg
Can somebody tell me if it's possible to make a VPN connection between the 2 sites???
Even if not IPsec, even with another type of VPN....
If not, I will stop trying this way and try to find another solution.

What is the configuration of the MikroTik?
What is the configuration to add to the provider's router (port to open towards the MikroTik)?

With this schema I can do the VPN with Cisco ASA: I don't want to believe that it is not possible with MikroTik!

Thanks in advance.

P77.
 
BartoszP
Forum Guru
Posts: 3096
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: VPN IPSec MTK <---> MTK behind NAT.

Fri Jun 05, 2015 11:42 am

A. Yes. It is possible.
B. NAT Traversal is needed but it is an "evil" :-)
C. Try to establish a GRE tunnel as it is easier to manage and then IPSec over GRE.
D. Wait till ROS 6.30 which seems to have GRE+IPSec integrated.
 
PortoInfo
just joined
Topic Author
Posts: 7
Joined: Thu May 14, 2015 6:08 pm

Re: VPN IPSec MTK <---> MTK behind NAT.

Fri Jun 05, 2015 12:01 pm

Thank you BartoszP!
Any idea when version 6.30 comes out? ;)
Any tutorial to set up GRE with IPsec?

Thank you.
 
BartoszP
Forum Guru
Posts: 3096
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: VPN IPSec MTK <---> MTK behind NAT.

Fri Jun 05, 2015 12:35 pm

GRE:
http://wiki.mikrotik.com/wiki/Manual:Interface/Gre
Use any non-public address pool for the GRE ends. I suggest a pool different from your 192.168.x.x pools, e.g. 10.y.y.y

IPSec:
http://gregsowell.com/?p=787
http://gregsowell.com/wp-content/upload ... k-vpn1.pdf
Use your GRE addresses as the peer addresses used in Greg's superb tutorial.

BTW, Greg Sowell does a fantastic job and his tutorials are very helpful :-) :-)
 
PortoInfo
just joined
Topic Author
Posts: 7
Joined: Thu May 14, 2015 6:08 pm

Re: VPN IPSec MTK <---> MTK behind NAT.

Fri Jun 05, 2015 2:13 pm

Hi,
I've already used Greg Sowell's PDF to set up the first IPsec configuration between the HQ and one of three sites.
It was very helpful!!!

Now the remaining two sites are those with only one public static IP where I have to use GRE with IPsec.

So if I understand correctly now, after configuring GRE, I can begin the IPsec configuration, and in the peers configuration I have to use the GRE interface IP instead of the real public IP address, correct?

Thanks.
 
BartoszP
Forum Guru
Posts: 3096
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: VPN IPSec MTK <---> MTK behind NAT.

Fri Jun 05, 2015 2:56 pm

Yes....GRE IPs instead of public ones.

If you use IPSec over e.g. GRE, then the peers are stable. Once set up, you do not change them. You only need to have "the lower tunnel" running.
If you change GRE to IPIP, then IPSec will still be happy as it cares only about the peers' IP addresses.
You must, however, remember that IPSec over GRE or IPIP changes the MTU, and you have "the lower" tunnel running and you need to secure potential traffic over it, but you can use it as a management network.