saproelll
just joined
Topic Author
Posts: 1
Joined: Fri Sep 22, 2017 4:57 pm

Mikrotik RB-951G Site to Site IPSec VPN Tunnel Problem : PH2 State No Phase 2

Thu Sep 28, 2017 7:05 pm

Dear Master,

I have a MikroTik RB 951G-2HnD v6.38.7.

First, I am trying to build an IPsec site-to-site tunnel between Juniper and MikroTik. Phase 1 and phase 2 come up, but somehow the traffic cannot pass through the IPsec tunnel.

Second, I tried to update the MikroTik to v6.40.3 (because traffic could not pass through / ping RTO). After the update succeeded, I created a new IPsec site-to-site phase 1 and phase 2 on the MikroTik to reconnect to the existing Juniper SA... But phase 2 fails, and it always fails when I try to reconnect.

Here is the bug:

09:29:33 ipsec searching for policy
09:29:33 ipsec policy not found
09:29:33 ipsec failed to get proposal for responder.
09:29:33 ipsec,error (public ip) failed to pre-process ph2 packet

Can somebody help me? Where is my mistake?
 
bajodel
Long time Member
Posts: 553
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: Mikrotik RB-951G Site to Site IPSec VPN Tunnel Problem : PH2 State No Phase 2

Fri Sep 29, 2017 2:09 am

Paste your actual config (via /export hide-sensitive).
 
estebanuy
just joined
Posts: 3
Joined: Tue Oct 03, 2017 6:16 pm

Re: Mikrotik RB-951G Site to Site IPSec VPN Tunnel Problem : PH2 State No Phase 2

Mon Oct 09, 2017 2:59 pm

I have an issue with IPsec on RouterOS 6.37.5.

These are the configurations:


/ip ipsec policy
add action=none dst-address=10.10.0.0/24 level=use sa-dst-address=10.200.80.89 sa-src-address=10.181.9.97 \
src-address=0.0.0.0/0 tunnel=yes
add dst-address=192.168.200.0/24 proposal=lose-256 sa-dst-address=10.200.80.90 sa-src-address=0.0.0.0 \
src-address=10.10.0.0/24 tunnel=yes
add dst-address=0.0.0.0/0 sa-dst-address=10.200.80.89 sa-src-address=10.181.9.97 src-address=10.10.0.0/24 \
tunnel=yes

/ip ipsec peer
add address=10.200.80.89/32 auth-method=rsa-signature certificate=subag_10_10.cer_0 dpd-interval=5s \
exchange-mode=aggressive remote-certificate=none
add address=10.200.80.90/32 auth-method=rsa-signature certificate=subag_10_10.cer_0 dh-group=modp1536 \
dpd-interval=5s enc-algorithm=aes-256 remote-certificate=none


/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des lifetime=2h pfs-group=none
add enc-algorithms=aes-256-cbc lifetime=2h name=lose-256 pfs-group=none


When I try to update from 6.37.5 to 6.38.7, IPsec doesn't work and a few parameters change.
I tested various configurations, but when the router restarts it erases them (in OS version 6.38.7).

Thanks in advance if you can help me.