Why can't the Kerio -> Mikrotik IPsec tunnel be established?

S

Skywalker732015-09-10 15:07:54

VPN

Skywalker73, 2015-09-10 15:07:54

There is a guide on Habré like this habrahabr.ru/post/216215 . Did according to him one to one.
Mikrotik - waiting for connection (passive mode), has a white static ip.
Kerio control - initiates a connection, has a white static IP.
There are rules in the firewall for port 500 and ipsec, they stand at the beginning. Encryption policies, etc. everything is like in the guide. But there is no connection.
For example, I tried to register the provider's static settings directly on the network card and configure the Ipsec-receiving server in SoftEcher VPN. Kerio connected.
0. Where to dig?
1. Newbie in Mikrotik, where can I see Ipsec logs?
2. Where can I see records of rejected connections in Kerio)?
ps: in Kerio, the rules for VPN allow 500 tcp / udp as well as Ipsec services

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Skywalker73, 2015-09-11
@Skywalker73

Solution found. Mikrotik accept connections (passive mod), and in the peer settings, when we create, where the arrow shows in the address field, we write the CLIENT ADDRESS, and not the external address of our Mikrotik-receiving. Those. write the address of the connection initiator.

K

Kirill 1, 2015-09-10
@SmileyK

Show at least a log from Mikrotik. good afternoon.