IPSec with dynamic peer ...
Posted: Wed Oct 24, 2007 11:20 pm
by bejcd
Hello,
Does anybody have experience with how to fill out the IPSec -> Peers -> Address section with a dynamic IP address?
If a remote IPSec firewall dynamically changes its IP, is it possible to somehow manage that from the Mikrotik router locally?
Appreciate all your suggestions.
Thank you,
D.
Re: IPSec with dynamic peer ...
Posted: Thu Nov 08, 2007 9:26 pm
by bejcd
Hello again,
What I meant by a 'dynamic' address is one in the form of an A-record (or DNS name ... name.domain.com - not a static IP address).
Thank you,
D.
Re: IPSec with dynamic peer ...
Posted: Thu Nov 08, 2007 11:18 pm
by andrewluck
You specify the peer address as 0.0.0.0/0 and set the option 'Generate policy' in the peer setup. This will allow connections from different IP addresses. At least one end must have a fixed address.
Regards
Andrew
Re: IPSec with dynamic peer ...
Posted: Tue Nov 20, 2007 6:58 pm
by bejcd
Thanks Andrew for your help,
I have already figured it out by myself ... pretty obvious but sometimes it takes some time.
Again, deeply appreciate your help.
D.
Re: IPSec with dynamic peer ...
Posted: Tue Feb 05, 2008 6:30 pm
by lgraveman
Hello, Newbie, could you share your case for our reference? We also need help.
graveman
bejcd wrote:
> Thanks Andrew for your help,
> I have already figured it out by myself ... pretty obvious but sometimes it takes some time.
> Again, deeply appreciate your help.
> D.
Re: IPSec with dynamic peer ...
Posted: Mon Sep 03, 2018 11:18 am
by yacsap
andrewluck wrote:
> You specify the peer address as 0.0.0.0/0 and set the option 'Generate policy' in the peer setup. This will allow connections from different IP addresses. At least one end must have a fixed address.
> Regards
> Andrew
Hi Andrew,
In order to achieve a dynamic ipsec peer, is it better to set up Generate policy as port strict or port override? What's the difference?
Cheers!
Re: IPSec with dynamic peer ...
Posted: Mon Sep 03, 2018 11:32 am
by sindy
10 years ago this choice didn't exist.
The port-override choice only makes sense when the peer sends incorrect traffic selectors in the proposal; with correct peer implementation, port-strict works fine.