L2TP/IPSec client
Posted: Sun Feb 11, 2018 3:26 am
Hi all,
I have a problem setting up a MikroTik as an L2TP/IPSec client. There is an issue with a NO PROPOSAL error, so I probably need to set up IPSec manually.
1) I set up the IPSec peer. It seems that this part works fine.
01:37:37 ipsec,info ISAKMP-SA established Y.Y.Y.Y[500]-X.X.X.X[500] spi:a4c83c84e5f19ad9:bf361aa56cee7188
Code:
address=X.X.X.X/32 auth-method=pre-shared-key secret="PSK" generate-policy=port-override policy-template-group=default exchange-mode=main-l2tp
send-initial-contact=yes nat-traversal=no proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5
2) Then I set up the IPSec policy, but it doesn't work. I receive a PH2 State = no phase 2. Only some records, which expire after some time, are present in installed SA.
Code:
src-address=Y.Y.Y.Y/32 src-port=any dst-address=X.X.X.X/32 dst-port=any protocol=udp action=encrypt level=unique
ipsec-protocols=esp tunnel=no proposal=default ph2-count=0
Mikrotik log file:
Network topology:
Server: Public IP: X.X.X.X, Cisco, L2TP/IPSec (PSK), dynamic IP address assigned to client
Client: Public IP: Y.Y.Y.Y, MikroTik, ver. 6.41.2
The connection to the server from a Windows client works fine. But with the MikroTik, no luck. Could you help me, please?