Mikrotik
F0cus54nsk, 2019-11-06 08:33:20

What could be the problem with IPsec traffic passing through Mikrotik behind NAT?

Hello everyone,
I'm trying to set up a tunnel between my Mikrotik at home (behind a PfSense1 NAT router) and another router, PfSense2.
The network looks like this:
Public home ip: 194.226.171.2
NAT ip Mikrotik: 192.168.144.135
Public ip server: 193.232.45.243
10.0.1.0/24 (LAN) --- Mikrotik --- 192.168.144.0/24 --- PfSense1 (194.226.171.2) --- internet --- PfSense2 (193.232.45.243) --- LAN (192.168.1.0/24)
As I understand it, Phase 2 completed successfully, and there is connectivity on PfSense2 and on the Mikrotik itself. The SA record is present on the Mikrotik. PfSense2 reports that the remote client is 194.226.171.2 NAT-T. So, in principle, everything should work. It remains to understand why traffic cannot pass between them.


2 answer(s)
leitop2k, 2019-11-06
@leitop2k

1) Where does the trace stop?
2) Are all routes correct?

CityCat4, 2019-11-06
@CityCat4

Are IPsec policies configured? Do they correctly specify the subnets and the public addresses of the gateways?
Are IKE and ESP not being filtered?
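
The policy check asked about in the answer above, as an added example that is not part of the original thread: it models the two ends of the tunnel with the addresses from the question and reports selector or peer mismatches. The Policy field names and the BROKEN entry are constructed for illustration and are not taken from either router's configuration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str     # local subnet selector (illustrative field name)
    dst: str     # remote subnet selector
    sa_src: str  # local tunnel endpoint address
    sa_dst: str  # remote tunnel endpoint address

NAT_PUBLIC = "194.226.171.2"  # PfSense1 public address from the question

# Constructed model of the two ends, using the addresses in the question.
HOME = Policy("10.0.1.0/24", "192.168.1.0/24", "192.168.144.135", "193.232.45.243")
REMOTE = Policy("192.168.1.0/24", "10.0.1.0/24", "193.232.45.243", NAT_PUBLIC)
# Constructed misconfiguration: transit subnet and private peer address.
BROKEN = Policy("192.168.1.0/24", "192.168.144.0/24", "193.232.45.243", "192.168.144.135")

def matches(policy, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip falls inside the policy selectors."""
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(policy.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(policy.dst))

def audit(initiator, responder, nat_public):
    """Compare both ends of a tunnel whose initiator sits behind NAT.
    Returns a list of findings; an empty list means the ends agree."""
    net = ipaddress.ip_network
    findings = []
    if net(initiator.src) != net(responder.dst) or net(initiator.dst) != net(responder.src):
        findings.append("selectors are not mirrored")
    if initiator.sa_dst != responder.sa_src:
        findings.append("initiator peer is not the responder's address")
    # The responder sees the NAT device's public address, not the private one.
    if responder.sa_dst != nat_public:
        findings.append("responder peer is not the NAT public address")
    return findings

if __name__ == "__main__":
    print("consistent pair:", audit(HOME, REMOTE, NAT_PUBLIC))
    print("broken responder:", audit(HOME, BROKEN, NAT_PUBLIC))
    # A LAN host matches the policy; the Mikrotik's own WAN-side address does not.
    print("LAN host matches:", matches(HOME, "10.0.1.10", "192.168.1.20"))
    print("router WAN address matches:", matches(HOME, "192.168.144.135", "192.168.1.20"))
```

The last two lines show why a test sent from the Mikrotik itself can fail while the SA is up: a packet sourced from 192.168.144.135 is outside the 10.0.1.0/24 selector and is never handed to the tunnel.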
