butteryak
newbie
Topic Author
Posts: 40
Joined: Fri Sep 12, 2008 1:16 am

IPSEC pass-through?

Wed Jun 22, 2011 1:31 am

I have a device that needs to have IPSEC pass-through enabled, and I have no idea how to do it. Thanks for any advice!!
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: IPSEC pass-through?

Wed Jun 22, 2011 3:52 am

Do you mean you need IPsec passthrough on a MikroTik router? Presumably the router also forms a NAT barrier, so you'll have to just forward UDP/500 (ISAKMP for phase 1) and UDP/4500 (ISAKMP will detect NAT and use NAT-T, and encapsulate the AH or (likelier) ESP packets in UDP on well-known port 4500). If you're using IPsec wrapped in TCP instead, forward whatever port you configure for that.

If the router is NOT a NAT barrier, forward UDP/500 (ISAKMP) and AH or ESP (IP protocols 50 or 51) depending on which one you use, though in that case I don't see why you'd need passthrough, you'd just terminate on the public IP behind the router and it'd simply be forwarding IP packets.

IPsec passthrough basically just means "heya router, I know you can terminate IPsec yourself, but when you see traffic for that, don't terminate it, send it to this other host instead". SOHO routers do that with a checkbox that generates the destination NAT rules, on RouterOS you just do it manually.
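
Added example, not part of the original posts: the manual RouterOS rules for both cases described above. The interface name `ether1`, the internal endpoint `192.168.88.10` and the public endpoint `203.0.113.10` are constructed placeholders; substitute your own.

```routeros
# Added example. Assumptions: WAN interface is ether1; addresses are placeholders.

# --- Case 1: the router is a NAT barrier ---
# Destination-NAT IKE (UDP/500) and NAT-T (UDP/4500) to the internal IPsec endpoint.
# Ports are preserved because to-ports is not set.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-port=500,4500 \
    action=dst-nat to-addresses=192.168.88.10 \
    comment="IPsec passthrough: IKE + NAT-T"

# Permit only that forwarded traffic, and only to that host.
# Rules added this way land at the end of the chain: move them above
# any existing drop rule in the forward chain, or they never match.
/ip firewall filter
add chain=forward in-interface=ether1 dst-address=192.168.88.10 \
    protocol=udp dst-port=500,4500 action=accept \
    comment="IPsec passthrough to internal endpoint"

# --- Case 2: the router is NOT a NAT barrier (endpoint has a public IP) ---
# No NAT rule is needed; the forward chain must let IKE and the IPsec
# protocols through. Keep only the AH or ESP rule that matches what the
# tunnel actually uses.
/ip firewall filter
add chain=forward in-interface=ether1 dst-address=203.0.113.10 \
    protocol=udp dst-port=500 action=accept comment="IKE to public endpoint"
add chain=forward in-interface=ether1 dst-address=203.0.113.10 \
    protocol=ipsec-esp action=accept comment="ESP to public endpoint"
add chain=forward in-interface=ether1 dst-address=203.0.113.10 \
    protocol=ipsec-ah action=accept comment="AH to public endpoint"
```

Where the remote peer's address is known, adding `src-address=` to each rule keeps the forwarded ports from being reachable by arbitrary Internet hosts.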
 
butteryak
newbie
Topic Author
Posts: 40
Joined: Fri Sep 12, 2008 1:16 am

Re: IPSEC pass-through?

Wed Jun 22, 2011 4:19 am

great...
that makes perfect sense.....
thanks much!!