
VPN against Cisco 3000

Posted: Thu May 15, 2008 8:17 pm
by dohkoo
Hi all,

I am trying to establish some VPN tunnels against a Cisco 3000.
The situation is:

MK (public ip) Cisco 3000 (public ip)
(private network- (private network-
(private network-

The tunnel seems to work properly, but when I try to set more policies on MK v3.9 to connect more private networks, it doesn't work. It only works with the first policy.
I've tried removing all installed-sa and rebooting the MK, but nothing works. It seems to use a single private network for each tunnel.

Does anyone know what I am doing wrong?

Thanks a lot

Re: VPN against Cisco 3000

Posted: Tue May 20, 2008 5:26 pm
by plucchetti
You must create a different policy for each network that you wish to connect. Are these policies already created?
One more thing: is this scenario working under NAT?


Re: VPN against Cisco 3000

Posted: Tue May 20, 2008 7:53 pm
by comaco
I have the same problem.

I have an RB333 with the latest RouterOS, and I can't configure a VPN that works properly with more than one policy.
The VPN is established, and I have SAs, but the traffic doesn't flow through the VPN. And in the best case, it works only one way.

I need some help with it, because the configuration on MT is simple, and it doesn't have NAT or firewall rules.


Re: VPN against Cisco 3000

Posted: Sun Oct 12, 2008 3:00 am
by samjan
Hi All,
Who can show me the typical configuration to create a tunnel between an MK RBD450 and a Cisco 3000vpn? Each side of the equipment has networks...

Re: VPN against Cisco 3000

Posted: Sun Oct 12, 2008 2:21 pm
by nathany
This is a known bug; I reported it, as did at least one other person, several months ago. I received a response from support saying they were looking into it and would fix it, but 2 to 3 months on there is still nothing. The customer we manage RouterOS for is now moving away from RouterOS due to this bug and no fix being issued.

Mikrotik, when are you going to fix this? It is a fairly big and critical bug as I can't believe there are so few that need multiple policies to a single Cisco peer.

Re: VPN against Cisco 3000

Posted: Sun Oct 12, 2008 7:33 pm
by Tonda
I suppose this is about IPSec VPN. Try setting the Level of the IPSec policy to "unique"; this solved my problem with an IPSec configuration transferred from Mikrotik 2.9.51, where I had two policies and only one working. Level "unique" was not part of version 2.9.X.
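
The fix suggested above, written out as RouterOS commands. This is an added example that is not part of the original post or anyone's actual configuration: every address is constructed (documentation and private ranges), and the layout of one local LAN reaching two LANs behind a single Cisco peer is an assumption.

```routeros
# Added example, not from the thread. All addresses are constructed.
# Assumed layout:
#   MikroTik public address : 192.0.2.1
#   Cisco 3000 public address: 198.51.100.1
#   Local LAN               : 10.1.0.0/24
#   Remote LANs behind Cisco: 10.2.0.0/24 and 10.3.0.0/24

/ip ipsec policy

# Form described as failing in the thread: two policies to the same peer
# left at the default level (require). Only the first policy passed traffic.
#   add src-address=10.1.0.0/24 dst-address=10.2.0.0/24 \
#       sa-src-address=192.0.2.1 sa-dst-address=198.51.100.1 \
#       tunnel=yes action=encrypt level=require
#   add src-address=10.1.0.0/24 dst-address=10.3.0.0/24 \
#       sa-src-address=192.0.2.1 sa-dst-address=198.51.100.1 \
#       tunnel=yes action=encrypt level=require

# Corrected form: one policy per remote network, each with level=unique,
# so every policy gets an SA that is used only by that policy.
add src-address=10.1.0.0/24 dst-address=10.2.0.0/24 \
    sa-src-address=192.0.2.1 sa-dst-address=198.51.100.1 \
    tunnel=yes action=encrypt level=unique
add src-address=10.1.0.0/24 dst-address=10.3.0.0/24 \
    sa-src-address=192.0.2.1 sa-dst-address=198.51.100.1 \
    tunnel=yes action=encrypt level=unique

# Clear SAs negotiated under the old policies, then send traffic to a host
# in each remote LAN so both policies trigger a fresh negotiation.
/ip ipsec installed-sa flush

# Check: both policies are listed with level=unique, and the SA table
# holds separate entries for each policy rather than a single shared pair.
/ip ipsec policy print
/ip ipsec installed-sa print
```

The Cisco side needs a matching network pair for each of the two policies; if one remote LAN still fails after the change, compare the network lists on both ends before anything else.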

Re: VPN against Cisco 3000

Posted: Thu Nov 06, 2008 11:17 am
by hajid
Hi dohkoo,

Would you please share your config here? I need some reference for IPsec configuration. Thank you.

Re: VPN against Cisco 3000

Posted: Fri Nov 07, 2008 12:15 am
by nathany
Thanks Tonda - setting the level to 'Unique' fixed the problem.

If only MikroTik had suggested this several months back when I logged a support incident!

Re: VPN against Cisco 3000

Posted: Fri Nov 07, 2008 11:25 am
by normis
We are not Cisco guys; sometimes we can't help you with Cisco config details because we simply don't know them.