From MikroTik Wiki
< Manual:IP
Revision as of 08:12, 19 February 2008 by Eep (talk | contribs) (revert vandalism)
Jump to navigation Jump to search

IPsec between MikroTik and Cisco PIX in tunnel mode

  • On Cisco PIX firewall:
access-list 101 permit ip
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
crypto ipsec transform-set MySet esp-3des esp-sha-hmac 
crypto map MyMap 1 ipsec-isakmp
crypto map MyMap 1 match address 101
crypto map MyMap 1 set peer
crypto map MyMap 1 set transform-set MySet
crypto map MyMap 10 set security-association lifetime seconds 86400
crypto map MyMap interface outside
isakmp enable outside
isakmp key gsdhg%#@&$*&#$U782GY#JG#HJ1231 address netmask 
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
  • On MikroTik router:
/ip ipsec peer add secret="gsdhg%#@&$*&#$U782GY#JG#HJ1231" address= \
\... enc-algorithm=3des hash-algorithm=sha1 dh-group=modp1024 lifetime=1d
/ip ipsec proposal add auth-algorithms=sha1 enc-algorithm=3des lifetime=1d
/ip ipsec policy add src-address dst-address= \
\... sa-src-address= sa-dst-address= ipsec-protocols=esp action=encrypt level=require tunnel=yes