How to organize an ipsec tunnel Mikrotik-Kerio?

I

Igor Krivintsov2017-07-26 11:04:58

Mikrotik

Igor Krivintsov, 2017-07-26 11:04:58

Hello,
please help me to solve this problem. There are 2 offices, in the first Kerio is installed in the second, a computer with Router OS was installed, as far as I remember the firmware version is 5.39. I decided to change my computer from ROuter OS to rb2011 device. I changed the device and made all the settings the same, but for some reason the Ipsec tunnel with Kerio rises but does not give access anywhere. i.e. from the office where Kerio is located, you cannot access the server via rdp to the office where rb2011 is located. Tried various options with firewall , does not help. ping goes both ways, but rdp does not work, I tried to make a pptp connection, it also does not work, although everything worked out on an old computer with ROuter Os. Maybe firmware 6.40 is problematic? I post screenshots of
IPSEC

Nat

tracert, strange behavior during tracing, it is not clear what it is going through, the first jump 10.8.0.1 is Kerio, then it is not known what, then my ts server is in another office.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry Tallmange, 2017-07-26
@wizart23

The second jump - there must be a remote mikrotik, the same rb2011. It's very strange that it doesn't respond to icmp. Are you sure that there is no set of rules from the Internet in the filter table? Does the address 172.16.3.1 ping? If I understand correctly, it is he who is assigned rb2011 at the remote end of the tunnel.

D

Diman89, 2017-07-26
@Diman89

Compare line by line the configs of the two routeros and match each other