I had actually just gotten it fixed by trying the masquerade option before 
Butch told me to do masquerade.  That said, I have attached a map of what 
we're working with.  The NIF wireless and everything behind it cannot 
communicate with anything across the IPSec link, though everything else 
including and behind NIF router does.  Everything including and behind NIF 
router can talk to everyone else on that side of the network as well as the 
Internet.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


----- Original Message ----- 
From: "Mike Hammett" <[EMAIL PROTECTED]>
To: "Mikrotik discussions" <[email protected]>
Sent: Friday, June 06, 2008 11:33 PM
Subject: [Mikrotik] IPSec


> I'm trying to set up a 3.10 IPSec tunnel between two Mikrotiks.  First off, 
> the manual isn't correct.  I do exactly what they say and I get an error. 
> As it turns out, you're also required to choose an AH In\Out Algorithm. 
> It also doesn't explain things well, like ah-spi.
>
> How do I know it's working?  I cannot ping addresses on the other side.
>
>
> Side 1:
>
> [EMAIL PROTECTED] - ICS] > /ip ipsec policy print
> Flags: X - disabled, D - dynamic, I - inactive
> 0   src-address=192.168.1.0/24:any dst-address=192.168.2.0/24:any 
> protocol=all action=encrypt level=require ipsec-protocols=ah tunnel=yes 
> sa-src-address=65.182.111.111 sa-dst-address=68.60.111.111 
> proposal=default
>     manual-sa=ah-sa1 priority=0
> [EMAIL PROTECTED] - ICS] > /ip ipsec manual-sa print
> Flags: X - disabled, I - invalid
> 0   name="ah-sa1" ah-algorithm=sha1 esp-auth-algorithm=null 
> esp-enc-algorithm=null ah-key=64 hex characters esp-auth-key="" 
> esp-enc-key="" ah-spi=0x100/0x101
>     esp-spi=0x100 lifetime=0s
>
>
>
> Side 2:
>
> [EMAIL PROTECTED] Fence] > /ip ipsec policy pr
> Flags: X - disabled, D - dynamic, I - inactive
> 0   src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any 
> protocol=all action=encrypt level=require ipsec-protocols=ah tunnel=yes 
> sa-src-address=68.60.111.111 sa-dst-address=65.182.111.111 
> proposal=default
>     manual-sa=ah-sa1 priority=0
> [EMAIL PROTECTED] Fence] > /ip ipsec manual-sa pr
> Flags: X - disabled, I - invalid
> 0   name="ah-sa1" ah-algorithm=sha1 esp-auth-algorithm=null 
> esp-enc-algorithm=null ah-key=same 64 hex characters esp-auth-key="" 
> esp-enc-key="" ah-spi=0x101/0x100
>     esp-spi=0x100 lifetime=0s
>
>
>
> ----------
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CF NIF IPSec issue.pdf
Type: application/pdf
Size: 62758 bytes
Desc: not available
Url : 
http://www.butchevans.com/pipermail/mikrotik/attachments/20080607/ff575dbf/attachment.pdf
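
The quoted message asks how to tell whether a manual-SA AH tunnel is set up correctly. One offline check, added here as an example and not part of the original thread, parses both printouts and confirms they mirror each other. It assumes the reversed ah-spi pair shown in the message is the expected form; the inputs are constructed from the quoted output with a placeholder for the key.

```python
import re

# Constructed input: the two printouts quoted above, unwrapped; the AH key is
# replaced by a placeholder because the message does not show it.
SIDE1 = """
src-address=192.168.1.0/24:any dst-address=192.168.2.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=ah tunnel=yes
sa-src-address=65.182.111.111 sa-dst-address=68.60.111.111 manual-sa=ah-sa1
name="ah-sa1" ah-algorithm=sha1 esp-enc-algorithm=null ah-key=PLACEHOLDER
ah-spi=0x100/0x101
"""
SIDE2 = """
src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=ah tunnel=yes
sa-src-address=68.60.111.111 sa-dst-address=65.182.111.111 manual-sa=ah-sa1
name="ah-sa1" ah-algorithm=sha1 esp-enc-algorithm=null ah-key=PLACEHOLDER
ah-spi=0x101/0x100
"""

SWAPPED = (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address"))
EQUAL = ("ipsec-protocols", "tunnel", "ah-algorithm", "ah-key")

def parse(text):
    """Collect key=value pairs from the print output into a dict."""
    pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', text)
    return {key: value.strip('"') for key, value in pairs}

def check_mirror(a, b):
    """Return a list of problems; an empty list means the peers mirror each other."""
    problems = []
    needed = {k for pair in SWAPPED for k in pair} | set(EQUAL) | {"ah-spi"}
    for label, cfg in (("side 1", a), ("side 2", b)):
        problems += [f"{label}: {k} missing" for k in sorted(needed - cfg.keys())]
    if problems:
        return problems
    for x, y in SWAPPED:
        if a[x] != b[y] or a[y] != b[x]:
            problems.append(f"{x} and {y} are not swapped between peers")
    if a["ah-spi"].split("/") != b["ah-spi"].split("/")[::-1]:
        problems.append("ah-spi pair is not reversed on the other peer")
    problems += [f"{k} differs between peers" for k in EQUAL if a[k] != b[k]]
    return problems

def is_ah_only(cfg):
    """True when the policy uses AH alone: integrity protection, no encryption."""
    return cfg.get("ipsec-protocols") == "ah" and cfg.get("esp-enc-algorithm") in (None, "null")

if __name__ == "__main__":
    print(check_mirror(parse(SIDE1), parse(SIDE2)) or "peers mirror each other")
```

An empty result only shows the two configurations agree; is_ah_only() flags that the policy as posted authenticates traffic without encrypting it.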
 
