On Fri, 6 Jun 2008, Mike Hammett wrote:
I'm trying to setup a 3.10 IPSec tunnel between two Mikrotiks. First off, the manual isn't correct. I do exactly what they say and I get an error. As it turns out, you're also required to choose an AH In\Out Algorithm. It also doesn't explain things well, like ah-spi.
First, why are you creating a manual-sa? This is usually not necessary and it is easier to not do this manually. Second question: Are you masquerading traffic on the LAN of either side of this tunnel? If so, you have to make an exception for the IPSEC policy traffic. The traffic flow diagram is very clear in this regard.
Use the example titled "IPsec Between two Masquerading MikroTik Routers", as it does not require a manual key.
-- ******************************************************************** *Butch Evans *Professional Network Consultation * *Network Engineering *MikroTik RouterOS * *573-276-2879 *ImageStream * *http://www.butchevans.com/ *StarOS and MORE * *Mikrotik Certified Consultant *Wired or Wireless Networks * ********************************************************************
