IPSec VPN between MikroTik RouterOS and SonicWall Enhanced SonicOS

From MikroTik Wiki

The purpose of this article is to describe a method of creating an IKE-negotiated IPSec tunnel between a MikroTik RouterOS box and a SonicWall appliance running SonicOS Enhanced. Specifically, RouterOS is version 3.13 (on RB433AH) and SonicOS Enhanced is version 4.0.0.2-51e (on PRO4100). However, this configuration should work with just about any 3.x RouterOS (and probably 2.9.x, too) and just about any SonicOS Enhanced 3.2 and later.

This article assumes that the local networks are already in place and functioning, that NAT/Masquerade is functioning and that both devices are connected to the Internet.

Of note: my experience with IPSec tunnels with RouterOS is that only a single destination network (i.e. the network across the tunnel that is being communicated to) can be "active" at any one time. If there are multiple networks that need to be communicated with across the tunnel, the negotiated SA will only allow one at a time before the SA must be renegotiated. Feel free to edit this to provide additional information.

To begin with, the SonicOS end of the tunnel:

I had to go, but I'll be back to finish this article. --Jesse.dupont 00:21, 20 September 2008 (EEST)