Make sure that policy should not have enabled option tunnel, in this case tunel should be set to NO, because it will be used the transport mode of IPSec not the tunnel mode:Īdd name="IPSec" auth-algorithms=md5 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=noĪdd address=10.10.1.200 secret="ipsec" generate-policy=no exchange-mode=main send-initial-contact=yes \ IPSec setup, here should be defined the ipsec policy, peer and proposal. Metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2mĪdd interface=Tunnel1 receive=v2 send=v2 authentication=none authentication-key="" prefix-list-in="" prefix-list-out=""Īdd interface=Tunnel1 receive=v2 send=v2 authentication=none authentication-key="" in-prefix-list="" out-prefix-list="" Set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 \ If you are using ROS v3.x or above, be sure to check the end of this list to see a list of necessary mod.įirst should configure a Tunnel Interface:Īdd name="Tunnel1" mtu=1480 local-address=10.10.1.100 remote-address=10.10.1.200 comment="" disabled=noĪfter that all interfaces are configured, than should asign IP addresses for interfaces:Īdd address=10.10.1.100/24 network=10.10.1.0 broadcast=10.10.1.255 interface=WAN comment="" disabled=noĪdd address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=LAN comment="" disabled=noĪdd address=172.16.0.1/30 network=172.16.0.0 broadcast=172.16.0.3 interface=Tunnel1 comment="" disabled=noĮnable Routing in Mikrotik Router, in this case RIP: Below are the steps to complete the configuration of IPSec VPN with Dynamic Routing. In this example you can find a setup between Mikrotik and Cisco routers, but it can be done just between Mikrotik routers, but to be more colorfull I decided to use Mikrotik and Cisco. This example shows how to setup an IPSec VPN using dynamic routing protocol (RIP), it can be used with another protocol.
0 kommentar(er)
