Not sure if this is what you are looking for, but here’s what I had to do. NAT caused issues with IPsec, so I had to not use it on the router with the tunnel. In the ip ipsec policy I had to create an action rule for each subnet on the LAN, i.e. src-address=192.168.1.0/24. That also applied for each dst-address on the other end. nat-traversal was set to no in the peer, since I never could get it to work between the two networks. One of those networks was not mine though.
It was a pain.

--
Terri Kelley
Network Engineer
254-697-6710
Farm to Market Broadband

On October 12, 2016 at 3:36:34 AM, Muhammad Yousuf Khan (sir...@gmail.com) wrote:

Dear All,

I am new to IPsec, so please never mind the newbie question. I have a MikroTik router on one end and a Netgear router on the other end.

- In the policy I define the source and destination address (office LAN and remote office LAN).
- In the policy action I define SA Src and SA Dst; I defined the source and destination router public IPs.
- The peer setting is fine, as the log shows the link is established.
- I also created the NAT rule as defined for src-nat in the document.

Now the problem I face is that I cannot see any new route in the routing table. I cannot ping the remote network (of course it is due to no route), but how can I get the dynamic route from this tunnel? Normally all VPN servers like PPTP, L2TP, OpenVPN etc. have their interface dynamically created, with a pool assigned to the tunnel when the tunnel is established. However, in this case the tunnel is established but no interface has been created, nor has a tunnel IP been assigned. I cannot see any option to assign the IP pool to the IPsec tunnel. I don't know if this is default behaviour or an error. Please correct me if I am wrong.

Now I do not know how I should add a manual route, because no interface is there, nor a pool IP. Please guide.

Any guide or suggestion will be highly appreciated.

Thanks,
MYK

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
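
A small Python model of the behaviour discussed in this thread, added here as an example and not part of either poster's message: policy-based IPsec picks traffic by each policy's src-address/dst-address pair rather than by a route or tunnel interface, and in RouterOS srcnat is applied before that policy lookup. Apart from 192.168.1.0/24, the subnets, the WAN address and all function names are constructed for illustration.

```python
import ipaddress
from itertools import product


def build_policies(local_nets, remote_nets):
    """One traffic selector per (local subnet, remote subnet) pair."""
    return [(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l, r in product(local_nets, remote_nets)]


def match_policy(policies, src, dst):
    """Return the first policy whose selectors cover src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in policies:
        if s in src_net and d in dst_net:
            return (src_net, dst_net)
    return None


def egress(policies, src, dst, wan_ip, masquerade):
    """Model the outbound order: srcnat first, then the IPsec policy lookup."""
    if masquerade:
        src = wan_ip  # source is rewritten before the selectors are checked
    return "encrypt" if match_policy(policies, src, dst) else "cleartext"


# Constructed sample addressing (hypothetical, not from the thread,
# except 192.168.1.0/24 which the reply uses as its example).
LOCAL = ["192.168.1.0/24", "192.168.2.0/24"]
REMOTE = ["10.0.10.0/24"]
WAN = "203.0.113.10"
POLICIES = build_policies(LOCAL, REMOTE)

if __name__ == "__main__":
    for src_net, dst_net in POLICIES:
        print(f"policy src-address={src_net} dst-address={dst_net}")
    cases = [
        ("192.168.1.20", "10.0.10.5", False),  # covered subnet, no NAT
        ("192.168.1.20", "10.0.10.5", True),   # same flow, masqueraded
        ("192.168.3.7", "10.0.10.5", False),   # LAN subnet with no policy
    ]
    for src, dst, nat in cases:
        print(src, "->", dst, "masquerade" if nat else "no-nat",
              "=>", egress(POLICIES, src, dst, WAN, nat))
```

The masqueraded flow leaves with the WAN address as its source, so no selector matches and it is not encrypted; the same happens to any LAN subnet that has no policy of its own.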