This is my understanding of what the situation is. CBeyond isn't being
overly cooperative in giving me forward answers to my questions about what
they did, so we'll see.
Mikrotik router ------ public Internet ----- CBeyond Cisco IAD -----
existing Linksys router.
|-----------------------IPSec--------------------|
It is my understanding that the tunnel goes from MT to Cisco. The CBeyond
tech configured the Linksys router for their service... whatever that
means. The Linksys did NAT last I checked (not since they were there).
They're telling me the Linksys needs to support IPSec pass-through and the
data will go through the tunnel, through the Linksys and to the clients.
Am I wrong in thinking that the tunnel they are providing just dumps the
traffic off on the segment between the IAD and the Linksys and that the
Linksys's NAT do it's job and not forward traffic through unless it's going
to a preconfigured port?
----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
----- Original Message -----
From: "Mike Hammett" <[EMAIL PROTECTED]>
To: "Mikrotik discussions" <[email protected]>
Sent: Monday, April 21, 2008 10:00 AM
Subject: [Mikrotik] VPN Questions
One of my customers got a CBeyond T1 and their VPN service (against
everything I told them to do).
CBeyond's VPN configuration form asks me the following questions, to which
I haven't really encountered doing Mikrotik VPNs in the past. Note that I
haven't done any IPSec VPNs before.
IKE Mode (Is this Mikrotik's Exchange Mode?)
IKE Identification Method
IKE/IPSec Diffie-Hellman Group (options are groups 1, 2, or 5... Mikrotik
has modp768, 1024, or 1536
Perfect Forward Secrecy
Key Lifetime (Mikrotik has a Lifetime field, but what does it match to?)
ISAKMP SA Lifetime (Mikrotik has a Lifetime field, but what does it match
to?)
Also, I don't understand the need for specifying network segments on each
side of the VPN.
----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.butchevans.com/pipermail/mikrotik/attachments/20080421/6085e979/attachment.html
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
