Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • IPIP Mikro Tunnel

    Încărcat de

    Abu Fadilah
    130 vizualizări3 pagini
    IPIP Tunnel

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    IPIP Tunnel

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    130 vizualizări3 pagini

    IPIP Mikro Tunnel

    Încărcat de

    Abu Fadilah
    IPIP Tunnel

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 3

    2016/08/15 19:25 1/3 IPIP tunnel with IPsec transport [Mikrotik to Mikrotik]

    IPIP tunnel with IPsec transport [Mikrotik to Mikrotik]

    Check the dierences between IPsec tunnel and IPsec transport.

    Assumptions:

    First location Mikrotik Router1 Second location Mikrotik Router2


    Private network Private network
    192.168.0.0/24 192.168.1.0/24
    address address
    Private interface Private interface
    192.168.0.254 192.168.1.254
    address address
    Public interface Public interface
    1.1.1.1 2.2.2.2
    address address
    IPIP interface address 10.10.1.21/30 IPIP interface address 10.10.1.22/30
    IPIP interface name tunnel_test IPIP interface name tunnel_test
    IPsec secret 12345678 IPsec secret 12345678

    Router 1 conguration

    1. Create IPIP tunnel interface:

    /interface ipip
    add local-address=1.1.1.1 mtu=1480 name=tunnel_test remote-address=2.2.2.2
    comment="" disabled=no

    2. Add IP address to IPIP interface:

    The Book - http://wiki.pcsinfo.hr/


    Last
    update:
    networking:mikrotik:ipip_with_ipsec_transport_mikrotik_to_mikrotik http://wiki.pcsinfo.hr/doku.php/networking/mikrotik/ipip_with_ipsec_transport_mikrotik_to_mikrotik
    2016/02/18
    06:35

    /ip address
    add address=10.10.1.21/30 broadcast=10.10.1.23 comment="" disabled=no
    interface=tunnel_test network=10.10.1.20

    3. Add route:

    /ip route
    add distance=1 dst-address=192.168.0.0/24 gateway=10.10.1.22 scope=30
    target-scope=10 comment="" disabled=no

    At this point we have s functional IPIP tunnel between two routers (assuming that rst three
    conguration steps are performed
    on the second router too), and now we are going to add IPsec transport.

    4. IPsec step 1 - Create IPsec peer:

    /ip ipsec peer


    add address=2.2.2.2/32:500 auth-method=pre-shared-key dh-group=modp1024
    disabled=no dpd-interval=disable-dpd \
    dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main generate-
    policy=no hash-algorithm=md5 lifebytes=0 \
    lifetime=1d nat-traversal=no proposal-check=obey secret=12345678 send-
    initial-contact=yes

    5. IPsec step 2 - Create IPsec policy:

    /ip ipsec policy


    add action=encrypt disabled=no dst-address=2.2.2.2/32:any ipsec-
    protocols=esp level=require priority=0 proposal=\
    default protocol=all sa-dst-address=2.2.2.2 sa-src-address=1.1.1.1 src-
    address=1.1.1.1/32:any tunnel=no

    6. IPsec step 3 - Create / Modify proposal:

    /ip ipsec proposal


    set default auth-algorithms=sha1 disabled=no enc-algorithms=3des
    lifetime=30m name=default pfs-group=modp1024

    Router 2 conguration

    1. Create IPIP tunnel interface:

    /interface ipip
    add local-address=2.2.2.2 mtu=1480 name=tunnel_test remote-address=1.1.1.1
    comment="" disabled=no

    2. Add IP address to IPIP interface:

    http://wiki.pcsinfo.hr/ Printed on 2016/08/15 19:25


    2016/08/15 19:25 3/3 IPIP tunnel with IPsec transport [Mikrotik to Mikrotik]

    /ip address
    add address=10.10.1.22/30 broadcast=10.10.1.23 comment="" disabled=no
    interface=tunnel_test network=10.10.1.20

    3. Add route:

    /ip route
    add distance=1 dst-address=192.168.1.0/24 gateway=10.10.1.21 scope=30
    target-scope=10 comment="" disabled=no

    IPIP Tunnel congured !

    4. IPsec step 1 - Create IPsec peer:

    /ip ipsec peer


    add address=1.1.1.1/32:500 auth-method=pre-shared-key dh-group=modp1024
    disabled=no dpd-interval=disable-dpd \
    dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main generate-
    policy=no hash-algorithm=md5 lifebytes=0 \
    lifetime=1d nat-traversal=no proposal-check=obey secret=12345678 send-
    initial-contact=yes

    5. IPsec step 2 - Create IPsec policy:

    /ip ipsec policy


    add action=encrypt disabled=no dst-address=1.1.1.1/32:any ipsec-
    protocols=esp level=require priority=0 proposal=\
    default protocol=all sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-
    address=2.2.2.2/32:any tunnel=no

    6. IPsec step 3 - Create / Modify proposal:

    /ip ipsec proposal


    set default auth-algorithms=sha1 disabled=no enc-algorithms=3des
    lifetime=30m name=default pfs-group=modp1024

    You should be able to ping 192.168.1.1 (private IP of the Router 2) from Router 1, and 192.168.0.1
    (private IP of the Router 1) from Router 2.

    From:
    http://wiki.pcsinfo.hr/ - The Book

    Permanent link:
    http://wiki.pcsinfo.hr/doku.php/networking/mikrotik/ipip_with_ipsec_transport_mikrotik_to_mikrotik

    Last update: 2016/02/18 06:35

    The Book - http://wiki.pcsinfo.hr/

    S-ar putea să vă placă și