FunkyBunny
newbie
Topic Author
Posts: 30
Joined: Wed Jun 13, 2012 10:33 pm

IPSec troubles

Mon Nov 05, 2012 8:58 pm

I'm having a problem setting up an IPSec tunnel to another company. This VPN works perfectly fine on a Netgear router they installed, but I'm trying to switch their Netgear with a MikroTik. The information I was given was this:

PSK: *password here*
Local ID: *company name*

Services: PCAnywhere TCP/UDP 5631-5632

P1 Proposal: pre-g2-3des-sha
P2 Proposal: g2-esp-3des-sha

IPSec tunnel to *their IP*



The ID is just the company name so it shouldn't matter; it's not the FQDN or anything. The services shouldn't matter, as it was set up to forward all the ports before.

** edit: I was just given a peer ID; I've put this in the My ID spot in the peer setup, though nothing has changed **

The problem is, there's basically no debug information on the MikroTik. I set it up as I see there, and all I get when I save the config is the following:

installing phase2 config: id=0
installing phase2 config: id=1

If I do the command /ip ipsec policy print stats:

ph2-state=no-phase2


I have no idea where the breakdown is; I don't even know what it's stuck on. Is it stuck in phase 1, phase 2? What setting should I even be playing with?




The peer is set up as follows:
address: *their address*
port: 500
Auth: PSK
Secret: *password here*
Exchange Mode: main
Send initial contact: yes
nat trav: no
FQDN: [blank]
prop check: obey
hash: sha
enc alg: 3des
DH group: modp1024
generate policy: no
lifetime: 1d
dpd: 120s
dpd max fail: 5

proposal:
sha1
3des
lifetime 1h
pfs: modp1024

policies:
src address: *local lan ip range*
dst address: *remote lan ip range*
protocol: any
action: encrypt
level: require
protocol: esp
tunnel: yes
sa src address: 0.0.0.0 (our IP is dynamic; again, this works on the Netgear, however I have also tried setting it to the external IP)
sa dst address: *their ip address*
proposal: proposal1 (the one listed above)
priority: 0
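As an added reference (not the poster's configuration export and not MikroTik documentation), here is the same peer, proposal and policy written as RouterOS CLI commands, preceded by the logging command that makes the IKE negotiation visible and followed by the commands that show whether phase 1 or phase 2 completed. THEIR_PUBLIC_IP, LOCAL_LAN, REMOTE_LAN and PSK are constructed placeholders; the parameter names assume RouterOS v5/v6 syntax and should be checked against the device's own completion (`/ip ipsec peer add ?`).

```routeros
# Added example: the settings listed in the post, as RouterOS CLI.
# Placeholders (THEIR_PUBLIC_IP, LOCAL_LAN, REMOTE_LAN, PSK) are constructed values.
# Parameter names assume RouterOS v5/v6; verify on the device before relying on them.

# 1. Make the IKE negotiation visible: send the ipsec topic to the memory log
#    (!packet keeps raw packet dumps out of the log).
/system logging add topics=ipsec,!packet action=memory

# 2. Phase 1 (IKE) peer, matching "pre-g2-3des-sha":
#    pre-shared key, DH group 2 (modp1024), 3DES, SHA1, main mode.
/ip ipsec peer add address=THEIR_PUBLIC_IP/32 port=500 auth-method=pre-shared-key \
    secret="PSK" exchange-mode=main send-initial-contact=yes nat-traversal=no \
    proposal-check=obey hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 \
    generate-policy=no lifetime=1d dpd-interval=120s dpd-maximum-failures=5

# 3. Phase 2 proposal, matching "g2-esp-3des-sha": ESP, 3DES, SHA1, PFS group 2.
/ip ipsec proposal add name=proposal1 auth-algorithms=sha1 enc-algorithms=3des \
    lifetime=1h pfs-group=modp1024

# 4. Policy selecting the traffic to protect: LAN-to-LAN, tunnel mode, ESP required.
#    sa-src-address=0.0.0.0 lets the router pick its (dynamic) public address.
/ip ipsec policy add src-address=LOCAL_LAN dst-address=REMOTE_LAN protocol=all \
    action=encrypt level=require ipsec-protocols=esp tunnel=yes \
    sa-src-address=0.0.0.0 sa-dst-address=THEIR_PUBLIC_IP proposal=proposal1 priority=0

# 5. Checks that answer "which phase is it stuck in?"
/log print where topics~"ipsec"     # phase 1 errors (proposal, identity or PSK mismatch) appear here
/ip ipsec remote-peers print        # an entry here means the phase 1 (ISAKMP) SA is established
/ip ipsec installed-sa print        # entries here mean phase 2 (ESP) SAs were negotiated
/ip ipsec policy print stats        # ph2-state leaves "no-phase2" once the ESP SAs are installed
```

The peer ID mentioned in the edit is deliberately left out of the block because the parameter that carries it differs between RouterOS versions; set it through the same peer entry on the version actually running. Reading the sequence in step 5 is the useful part: no remote peer and a mismatch message in the log points at phase 1 (peer settings), while an established remote peer with no installed SAs points at phase 2 (proposal or policy selectors).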