06-04-2022 11:44 AM - edited 06-05-2022 01:03 AM
Hello everyone! It's my first post and fun.
I have tried to set up a simple scenario for GRE over IPSec tunneling between a Cisco c2800 and a Mikrotik RB951ui-2hnd. The two are connected directly through their physical ports: fa0/0 on the Cisco to ether1 on the Mikrotik. I have attached the configuration files for easy verification.
I am really wondering why this happens, since if I replace the Mikrotik with a Cisco everything is fine and the tunnel never drops. Please help me clarify this.
Many thanks.
06-05-2022 09:04 AM - edited 06-05-2022 09:06 AM
@alv84 Is the tunnel interface up on the Cisco end?
I see you've got PFS configured on the Cisco router, but I can see no mention of it in the Mikrotik configuration. Remove it from the Cisco device and try again; it's optional.
Enable ISAKMP debugs on the Cisco router and provide the output for review.
06-08-2022 10:08 PM
@Rob Ingram Thank you, and sorry for the late reply. I fixed that PFS option, but the issue was not that. The problem was:
1) IPsec ACL on the Cisco
2) IPsec policy parameters on the Mikrotik
It is now resolved.
Regards.