Hi,

I have 3 sites

1 Central Mikrotik.

So Site 1 talks to Site 2 over iPSEC VPN

So brought on Site 3

Copied the settings for IPSEC VPN I used to connect to site 2

And I can establish a VPN, but I do not get the Install SA Keys, and cant route traffic over the VPN.

Yet have put the firewall rule in NAT for the new Subnet, yet it just wont work. I have also moved it to the top just like the site 2 which does work.

Subnets dont clash, just cant see why its not routing.

If I look in Log, I do see a error

That says:

ipsec, debug couldnt find configuration

But have double checked each end and it looks OK. have deleted the Ipsec VPN and re done it.

Any Ideas.

Richy

Can you post your ipsec config here ?

Check if both sites have the same algorithms, has the same secret, correct peer addresses, make sure you have enabled tunnel mode, and also correct addresses in ipsec policy

Also if you are using NAT you have to create additional accept rule for ipsec

Here is very good example how to setup site to site ipsec tunnel
http://wiki.mikrotik.com/wiki/Manual:IP ... Sec_Tunnel

What does your firewall filters look like? Did you create new policies and proposals for the 3rd site?

Sent from my Nexus 6 using Tapatalk

Hi,

Thank you for the replies. I couldn't post a config as shortly after logging call the Unit seem ed to stop routing traffic on a VLAN. So ended up deleting the policies and it came back to life.

I do need to get this working, but had another idea on how to do it.

can a routerOS, dial another router OS via PPTP to establish a secure link?

Regards

Richy