I had (obviously incorrectly) assumed that the masquerading would masquerade the traffic destined to the remote router as coming from the local router instead of the local PC.

----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


----- Original Message -----
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "Mikrotik discussions" <[email protected]>
Sent: Saturday, June 07, 2008 12:39 AM
Subject: Re: [Mikrotik] IPSec


On Fri, 6 Jun 2008, Mike Hammett wrote:

> I'm trying to set up a 3.10 IPSec tunnel between two Mikrotiks.
> First off, the manual isn't correct.  I do exactly what they say
> and I get an error.  As it turns out, you're also required to
> choose an AH In\Out Algorithm.  It also doesn't explain things
> well, like ah-spi.

First, why are you creating a manual-sa?  This is usually not
necessary and it is easier to not do this manually.  Second
question: Are you masquerading traffic on the LAN of either side of
this tunnel?  If so, you have to make an exception for the IPSEC
policy traffic.  The traffic flow diagram is very clear in this
regard.

Use the example titled "IPsec Between two Masquerading MikroTik
Routers", as it does not require a manual key.

--
********************************************************************
*Butch Evans *Professional Network Consultation *
*Network Engineering *MikroTik RouterOS    *
*573-276-2879 *ImageStream                       *
*http://www.butchevans.com/ *StarOS and MORE                   *
*Mikrotik Certified Consultant *Wired or Wireless Networks        *
********************************************************************
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
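
Why masquerading needs an exception for the IPsec policy traffic, as an added example that is not part of the thread and not MikroTik code: a simplified model in which source NAT is applied before the IPsec policy selector is checked, so a masqueraded packet no longer matches the policy. The subnets, the WAN address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): two LANs and a documentation WAN IP.
LOCAL_LAN = ipaddress.ip_network("10.1.0.0/24")
REMOTE_LAN = ipaddress.ip_network("10.2.0.0/24")
LOCAL_WAN_IP = ipaddress.ip_address("192.0.2.1")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

# IPsec policy selector on the local router: protect LAN-to-LAN traffic only.
POLICY = {"src": LOCAL_LAN, "dst": REMOTE_LAN}

# srcnat rules are evaluated top to bottom; the first match wins.
MASQUERADE_ONLY = [
    {"src": LOCAL_LAN, "dst": ANYWHERE, "action": "masquerade"},
]
WITH_EXCEPTION = [
    # Exception for the policy traffic, placed above the masquerade rule.
    {"src": LOCAL_LAN, "dst": REMOTE_LAN, "action": "accept"},
] + MASQUERADE_ONLY


def apply_srcnat(src, dst, rules):
    """Return the source address after the first matching srcnat rule."""
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            if rule["action"] == "masquerade":
                return LOCAL_WAN_IP
            return src  # "accept" leaves the packet untouched and ends the chain
    return src


def forward(src, dst, rules):
    """Model the ordering that matters here: srcnat first, IPsec policy match second."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    natted = apply_srcnat(src, dst, rules)
    if natted in POLICY["src"] and dst in POLICY["dst"]:
        return ("encrypted", str(natted))
    return ("cleartext", str(natted))


if __name__ == "__main__":
    cases = (("masquerade only", MASQUERADE_ONLY), ("with exception", WITH_EXCEPTION))
    for name, rules in cases:
        print(name, forward("10.1.0.5", "10.2.0.7", rules))
    print("internet traffic", forward("10.1.0.5", "203.0.113.9", WITH_EXCEPTION))
```

With only the masquerade rule, the LAN-to-LAN packet leaves with the router's WAN address as its source and misses the policy; with the exception above it, the packet keeps its LAN source and is protected, while Internet-bound traffic is still masqueraded.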

