IPSEC - Mikrotik
[Network diagram. Labels: Office 1, Internet, Main Office, Office 2]
Modes
Main Mode or Aggressive mode
Phase 2:
Modes
Only one mode (Quick mode)
Tunnel mode
[Figure: AH Transport Mode. Fields: IP Header, AH Header, Payload. Label: Authenticated]
[Figure: AH Tunnel Mode. Fields: New IP Header, AH Header, IP Header, Payload. Label: Authenticated]
[Figure: IP protocol (50). Labels: ESP Trailer, Encrypted, Authenticated]
Mikrotik TTT Milan 10
IPSec Peer
auth-method:
• pre-shared-key
• rsa-signature
• rsa-key
• pre-shared-key-xauth
• rsa-signature-hybrid
exchange-mode:
• main
• aggressive
• base
• main-l2tp
IPSec Peer: Encryption and Hash algorithms
Destination address: host/subnet
IP protocol number: TCP, UDP, ICMP
Authentication Algorithms
Property (type): Description
addtime (time): Date and time when this SA was added.
auth-algorithm (sha1 | md5): Shows the currently used authentication algorithm.
auth-key (string): Shows the used authentication key.
current-bytes (64-bit integer): Shows the number of bytes seen by this SA.
enc-algorithm (des | 3des | aes ...): Shows the currently used encryption algorithm.
state (string): Shows the current state of the SA ("mature", "dying", etc.).
[Network diagram. Subnets: 10.1.1.0/24, 192.168.1.0/24, 192.168.3.0/24. Addresses: 10.1.1.1, 10.1.1.6]
Add a firewall NAT accept rule and move it to the top of the rule list.