How to Create an IPSec Tunnel on MikroTik

Step 1 - Router configuration

/ip ipsec peer add address= comment="Peer b" enc-algorithm=aes-128 nat-traversal=no secret="my_secret"

The enc-algorithm must be the same on both sides; otherwise the IPSec tunnel will not connect properly. For better security, the following is recommended:

  1. Changing the passwords (secret field - step 1) at least once every half year.
  2. Creating strong passwords.

Step 2 - IPSec Policy Configuration

/ip ipsec policy add comment="Traffic B" dst-address= sa-dst-address=your-gateway-IP sa-src-address=your-IP src-address= tunnel=yes

Step 3 - SRC NAT Rules Configuration

Almost every router uses NAT. NAT changes the source address of outgoing packets, which forces them through MikroTik's routing table instead of the IPSec tunnel. To avoid this forced routing, the following rule must be added to the NAT table and placed at the top.

SRC NAT Configuration:

/ip firewall nat add chain=srcnat comment="NAT B bypass" dst-address= src-address= place-before=0
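
A filled-in version of steps 1 to 3 for both ends of one tunnel, as an added example that is not part of the original article. All addresses and the secret are constructed placeholders, and the syntax follows the commands shown above; the second router simply mirrors the first.

```routeros
# Constructed values (replace with your own):
#   Router A: WAN 198.51.100.1, LAN 192.168.10.0/24
#   Router B: WAN 203.0.113.1,  LAN 192.168.20.0/24
# The secret placeholder must be replaced with the same long random
# string on both routers, and enc-algorithm must match on both sides.

# ---------------- Router A ----------------
# Step 1: peer entry pointing at Router B's WAN address
/ip ipsec peer add address=203.0.113.1/32 comment="Peer b" enc-algorithm=aes-128 nat-traversal=no secret="REPLACE_WITH_LONG_RANDOM_SECRET"

# Step 2: policy for LAN A -> LAN B; SA endpoints are the two WAN addresses
/ip ipsec policy add comment="Traffic B" dst-address=192.168.20.0/24 sa-dst-address=203.0.113.1 sa-src-address=198.51.100.1 src-address=192.168.10.0/24 tunnel=yes

# Step 3: NAT bypass for the same src/dst pair as the policy, placed on top.
# place-before=0 assumes the NAT table already contains at least one rule.
/ip firewall nat add chain=srcnat comment="NAT B bypass" dst-address=192.168.20.0/24 src-address=192.168.10.0/24 place-before=0

# ---------------- Router B ----------------
# Same three steps with every src/dst and local/remote value swapped
/ip ipsec peer add address=198.51.100.1/32 comment="Peer a" enc-algorithm=aes-128 nat-traversal=no secret="REPLACE_WITH_LONG_RANDOM_SECRET"

/ip ipsec policy add comment="Traffic A" dst-address=192.168.10.0/24 sa-dst-address=198.51.100.1 sa-src-address=203.0.113.1 src-address=192.168.20.0/24 tunnel=yes

/ip firewall nat add chain=srcnat comment="NAT A bypass" dst-address=192.168.10.0/24 src-address=192.168.20.0/24 place-before=0

# ---------------- Check (either router) ----------------
# After sending traffic between the two LANs, security associations
# for the WAN address pair should be listed here.
/ip ipsec installed-sa print
```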
