/ip ipsec peer add address=22.214.171.124/32 comment="Peer b" enc-algorithm=aes-128 nat-traversal=no secret="my_secret"
The enc-algorithm must be the same on both sides; otherwise the IPSec tunnel will not connect properly. For better security, the following is recommended:
- Changing the passwords (secret field - step 1) at least once every half year.
- Creating strong passwords
/ip ipsec policy add comment="Traffic B" dst-address=192.168.30.0/24 sa-dst-address=your-gateway-IP sa-src-address=your-IP src-address=192.168.90.0/24 tunnel=yes
Almost every router uses NAT. NAT changes the source address of the packets, which forces them to go through MikroTik's routing table instead of the IPSec tunnel. To avoid this forced routing, the following rule must be added to the NAT table and placed on top.
SRC NAT configuration:
/ip firewall nat add chain=srcnat comment="NAT B bypass" dst-address=192.168.30.0/24 src-address=192.168.90.0/24 place-before=0
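The ordering requirement above can be checked offline against a saved configuration. The following Python sketch is an added example, not part of the original guide or of MikroTik's tooling; it assumes the commands are listed in rule-table order, ignores interface matchers, and uses constructed sample lines built from the subnets in the NAT rule above.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Split a RouterOS 'add' command into (menu, {key: value})."""
    head, _, tail = line.partition(" add ")
    params = dict(tok.split("=", 1) for tok in shlex.split(tail) if "=" in tok)
    return head.strip(), params

def covers(rule_net, policy_net):
    """True if the NAT rule's subnet contains the policy's subnet (unset matches all)."""
    if rule_net is None:
        return True
    return ipaddress.ip_network(policy_net).subnet_of(ipaddress.ip_network(rule_net))

def unbypassed_policies(config_lines):
    """Return (src, dst) of tunnel policies whose traffic is matched first
    by a translating srcnat rule instead of an accept (bypass) rule."""
    policies, nat = [], []
    for line in config_lines:
        menu, p = parse_rule(line)
        if menu == "/ip ipsec policy" and p.get("tunnel") == "yes":
            policies.append(p)
        elif menu == "/ip firewall nat" and p.get("chain") == "srcnat":
            nat.append(p)
    problems = []
    for pol in policies:
        for rule in nat:  # rules are evaluated top to bottom, first match wins
            if covers(rule.get("src-address"), pol["src-address"]) and \
               covers(rule.get("dst-address"), pol["dst-address"]):
                # RouterOS defaults a NAT rule without action= to accept
                if rule.get("action", "accept") != "accept":
                    problems.append((pol["src-address"], pol["dst-address"]))
                break
    return problems

# Constructed sample lines (not exported from a real router).
POLICY = '/ip ipsec policy add dst-address=192.168.30.0/24 src-address=192.168.90.0/24 tunnel=yes'
MASQ = '/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1'
BYPASS = ('/ip firewall nat add chain=srcnat comment="NAT B bypass" '
          'dst-address=192.168.30.0/24 src-address=192.168.90.0/24')

if __name__ == "__main__":
    print(unbypassed_policies([POLICY, MASQ, BYPASS]))  # bypass below masquerade
    print(unbypassed_policies([POLICY, BYPASS, MASQ]))  # bypass placed on top
```

A non-empty result means the listed tunnel traffic would be translated before it can match the IPSec policy.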