MikroTik

Hi,
I configured the VPN IPSec tunnel between 2 MTK.
Following a tutorial I was able to connect the HQ site with Remote Site (RS).
I have some question:
I make ping test from Winbox indicating the interface from begin the traffic: so I can check interesting traffic.
But, from those leaving the traffic? To make vpn tunnel "up", the traffic have to start from the HQ to RS or vicersa? Or both simultaneously?
Test:
1)I start ping from HQ to RS and nothing, so I stopped it
2)I start ping from RS to HQ and nothing, so I stopped it
3) I start ping from HQ to RS and after RS to HQ and the vpn come up, and the ping ack arrived.

I have initiator and responder on both side: it's correct?


Now I have to connect another MTK from RS2 to HQ: have I to follow the same procedure and add another peer, policies and nat?

If in RS3 I make the MTK behind a router: so the public IP is on the router wan interface and MTK speek with router with private networks. Behind the MTK there is the real LAN of customer. It's possible to make up a ipsec vpn tunnel to connect LAN of RS3 and LAN of HQ

Thanks!!!
Paolo (neofita)

Hi,

Check that the tunnel mode is selected in both sides.

In Ip Sec peer Tab check that:
- Dpd Interval: Dpd disable
- Select Send initial Contact

And test...