I'm trying to set up a 3.10 IPSec tunnel between two Mikrotiks. First off, the
manual isn't correct. I do exactly what they say and I get an error. As it
turns out, you're also required to choose an AH In\Out Algorithm. It also
doesn't explain things well, like ah-spi.
How do I know it's working? I cannot ping addresses on the other side.
Side 1:
< ICS] > /ip ipsec policy print
Flags: X - disabled, D - dynamic, I - inactive
0 src-address=192.168.1.0/24:any dst-address=192.168.2.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=ah tunnel=yes
sa-src-address=65.182.111.111 sa-dst-address=68.60.111.111 proposal=default
manual-sa=ah-sa1 priority=0
[EMAIL PROTECTED] - ICS] > /ip ipsec manual-sa print
Flags: X - disabled, I - invalid
0 name="ah-sa1" ah-algorithm=sha1 esp-auth-algorithm=null
esp-enc-algorithm=null ah-key=64 hex characters esp-auth-key="" esp-enc-key=""
ah-spi=0x100/0x101
esp-spi=0x100 lifetime=0s
Side 2:
[EMAIL PROTECTED] Fence] > /ip ipsec policy pr
Flags: X - disabled, D - dynamic, I - inactive
0 src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=ah tunnel=yes
sa-src-address=68.60.111.111 sa-dst-address=65.182.111.111 proposal=default
manual-sa=ah-sa1 priority=0
[EMAIL PROTECTED] Fence] > /ip ipsec manual-sa pr
Flags: X - disabled, I - invalid
0 name="ah-sa1" ah-algorithm=sha1 esp-auth-algorithm=null
esp-enc-algorithm=null ah-key=same 64 hex characters esp-auth-key=""
esp-enc-key="" ah-spi=0x101/0x100
esp-spi=0x100 lifetime=0s
----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
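
Added example, not part of the original post: a small Python check that the two ends of a manual-SA AH tunnel mirror each other (policy subnets and SA endpoints swapped, AH algorithm equal, the two halves of ah-spi and ah-key swapped). It assumes a value written as x/y is per-direction and a single value applies to both directions; the sample text is constructed from the printouts above with wrapped lines joined and unrelated fields dropped, and the key is a placeholder because the post does not show it.

```python
import re

KEY = "<64 hex characters>"  # placeholder: the post does not show the key

# Constructed from the post's printouts (policy + manual-sa, abridged).
SIDE1 = (
    "src-address=192.168.1.0/24:any dst-address=192.168.2.0/24:any "
    "ipsec-protocols=ah tunnel=yes sa-src-address=65.182.111.111 "
    "sa-dst-address=68.60.111.111 manual-sa=ah-sa1 "
    f'name="ah-sa1" ah-algorithm=sha1 ah-key="{KEY}" ah-spi=0x100/0x101'
)
SIDE2 = (
    "src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any "
    "ipsec-protocols=ah tunnel=yes sa-src-address=68.60.111.111 "
    "sa-dst-address=65.182.111.111 manual-sa=ah-sa1 "
    f'name="ah-sa1" ah-algorithm=sha1 ah-key="{KEY}" ah-spi=0x101/0x100'
)

def parse(text):
    """Turn RouterOS 'key=value' print output into a dict."""
    pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', text)
    return {k: v.strip('"') for k, v in pairs}

def directions(value):
    """Split 'x/y' into (x, y); a single value counts for both directions."""
    first, _, second = value.partition("/")
    return (first, second or first)

def check_pair(a, b):
    """Return a list of mismatches between the two ends of the tunnel."""
    problems = []
    # Each side's source must be the other side's destination.
    for x, y in (("src-address", "dst-address"),
                 ("sa-src-address", "sa-dst-address")):
        for p, q in ((x, y), (y, x)):
            if a.get(p) != b.get(q):
                problems.append(f"{p} on side 1 != {q} on side 2")
    # These settings must be identical on both ends.
    for k in ("ipsec-protocols", "tunnel", "ah-algorithm"):
        if a.get(k) != b.get(k):
            problems.append(f"{k} differs between the two sides")
    # Per-direction values must be swapped on the peer.
    for k in ("ah-spi", "ah-key"):
        if directions(a.get(k, ""))[::-1] != directions(b.get(k, "")):
            problems.append(f"{k} is not the mirror of the peer's value")
    return problems

if __name__ == "__main__":
    print(check_pair(parse(SIDE1), parse(SIDE2)) or "configurations mirror each other")
```

A clean result only says the two configurations agree; it does not show that traffic is actually matching the policy.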