Two DSL - IPSEC - EoIP - Bonding
Posted: Thu Jan 22, 2009 3:00 pm
Hi all,
I want to make a secure balanced fail safe link between two Mikrotiks.
Each one has two xDSL connections and a LAN behind.
As I have read in the wiki and forum, it can be done using bonding over EoIP throght a PPTP or IPSEC. More or less the PPTP procedure is clear for me. You setup the two PPTP connections and create a bonding interface linking both interfaces.
The problems come with IPSEC. How about the policies?. I setup the both Peers in each router, but whats happend with the policies to apply this IPSEC tunnels? I suppouse the policies must contain the access to each LAN behind the router.
In this case, I will have to IPSEC politics pointing the same LAN policies. Is this correct? do that work? If this option is possible here is another question.... I create a EoIP over the two ethernet linking via IPSEC? and then a bonding between them? and how about the routes? becouse the bonding has a IP and How must I set up the routes to link both LANs throught the IPSEC o throught the Bonding IPs? if I setup this over the IPSEC the bonding will not be effective and if I setup the routes over the bonding IPs the IPSEC politics will not apply....
Please someone that has setup a similar configuration could light up my mind?
Greetings
I want to make a secure balanced fail safe link between two Mikrotiks.
Each one has two xDSL connections and a LAN behind.
As I have read in the wiki and forum, it can be done using bonding over EoIP throght a PPTP or IPSEC. More or less the PPTP procedure is clear for me. You setup the two PPTP connections and create a bonding interface linking both interfaces.
The problems come with IPSEC. How about the policies?. I setup the both Peers in each router, but whats happend with the policies to apply this IPSEC tunnels? I suppouse the policies must contain the access to each LAN behind the router.
In this case, I will have to IPSEC politics pointing the same LAN policies. Is this correct? do that work? If this option is possible here is another question.... I create a EoIP over the two ethernet linking via IPSEC? and then a bonding between them? and how about the routes? becouse the bonding has a IP and How must I set up the routes to link both LANs throught the IPSEC o throught the Bonding IPs? if I setup this over the IPSEC the bonding will not be effective and if I setup the routes over the bonding IPs the IPSEC politics will not apply....
Please someone that has setup a similar configuration could light up my mind?
Greetings