So has anyone put together any step-by-step instructions on how to use
IPSec?  It has always been a pain in my backside.  What options are
there besides another Mikrotik on the client end?  Software or
hardware.

Casey




On 6/7/08, Mike Hammett <[EMAIL PROTECTED]> wrote:
> I had actually just gotten it fixed by trying the masquerade option before
> Butch told me to do masquerade.  That said, I have attached a map of what
> we're working with.  The NIF wireless and everything behind it cannot
> communicate with anything across the IPSec link, though everything else
> including and behind NIF router does.  Everything including and behind NIF
> router can talk to everyone else on that side of the network as well as the
> Internet.
>
>
> ----------
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
>
> ----- Original Message -----
> From: "Mike Hammett" <[EMAIL PROTECTED]>
> To: "Mikrotik discussions" <[email protected]>
> Sent: Friday, June 06, 2008 11:33 PM
> Subject: [Mikrotik] IPSec
>
>
> > I'm trying to set up a 3.10 IPSec tunnel between two Mikrotiks.  First off,
> > the manual isn't correct.  I do exactly what they say and I get an error.
> > As it turns out, you're also required to choose an AH In\Out Algorithm.
> > It also doesn't explain things well, like ah-spi.
> >
> > How do I know it's working?  I cannot ping addresses on the other side.
> >
> >
> > Side 1:
> >
> > < ICS] > /ip ipsec policy print
> > Flags: X - disabled, D - dynamic, I - inactive
> > 0   src-address=192.168.1.0/24:any dst-address=192.168.2.0/24:any
> > protocol=all action=encrypt level=require ipsec-protocols=ah tunnel=yes
> > sa-src-address=65.182.111.111 sa-dst-address=68.60.111.111
> > proposal=default
> >     manual-sa=ah-sa1 priority=0
> > [EMAIL PROTECTED] - ICS] > /ip ipsec manual-sa print
> > Flags: X - disabled, I - invalid
> > 0   name="ah-sa1" ah-algorithm=sha1 esp-auth-algorithm=null
> > esp-enc-algorithm=null ah-key=64 hex characters esp-auth-key=""
> > esp-enc-key="" ah-spi=0x100/0x101
> >     esp-spi=0x100 lifetime=0s
> >
> >
> >
> > Side 2:
> >
> > [EMAIL PROTECTED] Fence] > /ip ipsec policy pr
> > Flags: X - disabled, D - dynamic, I - inactive
> > 0   src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any
> > protocol=all action=encrypt level=require ipsec-protocols=ah tunnel=yes
> > sa-src-address=68.60.111.111 sa-dst-address=65.182.111.111
> > proposal=default
> >     manual-sa=ah-sa1 priority=0
> > [EMAIL PROTECTED] Fence] > /ip ipsec manual-sa pr
> > Flags: X - disabled, I - invalid
> > 0   name="ah-sa1" ah-algorithm=sha1 esp-auth-algorithm=null
> > esp-enc-algorithm=null ah-key=same 64 hex characters esp-auth-key=""
> > esp-enc-key="" ah-spi=0x101/0x100
> >     esp-spi=0x100 lifetime=0s
> >
> >
> >
> > ----------
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> > _______________________________________________
> > Mikrotik mailing list
> > [email protected]
> > http://www.butchevans.com/mailman/listinfo/mikrotik
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: CF NIF IPSec issue.pdf
> Type: application/pdf
> Size: 62758 bytes
> Desc: not available
> Url : 
> http://www.butchevans.com/pipermail/mikrotik/attachments/20080607/ff575dbf/attachment.pdf