Have you defined the other end's LAN network?
Your Winbox layout is a bit different from mine. Are you using the latest Winbox version? (I'm currently using v3.21-x64.)
And here's one of my established IPsec -> Policies tab:
On the IPsec -> Peers tab, you can fill in ::/0 if you want to accept all IPsec connections regardless of their source IP address.
Hi @Edwink, Hi @Andy,
Thanks for your kind work in helping us figure out the basic setting guide for IPsec Peer to Peer. First of all, I am a total noob with this MikroTik. The same message appears for the SA Dst. Address when I try to save the configuration. My MikroTik is now on 6.43.8 and the latest is 6.46.6, so does that mean we need to upgrade to overcome this problem? Putting in ::/0 does the same thing; the same error message appears.
PS: Under my Peers tab and Identities tab everything is empty... I'm just not sure how to set those either...
If my settings are incorrect, please help correct me. I am not networking savvy; I only know very simple, basic things.
Thanks in advance.
My network setup is as shown in the diagram below.
See my screenshot below: (I tested on RouterOS v6.44.5)
- SA Src. Address: fill it with your source WAN address.
- SA Dst. Address: fill it with the other router's WAN address; you can fill it with 0.0.0.0 if the other router has a dynamic WAN address.
1. Can we maintain all same range IP subnet 192.168.1.x/24 or create another IP subnet range 192.168.2.0/24 for Server 3? Is it possible to maintain 2 IP range under one router or just maintain same range easy to maintain?
2. Concern about the accounting system speed reluctant due to access through WAN
I wouldn't recommend using the same IP network for 2 different sites.
I'd use something like 192.168.1.0/24 for site 1 and 192.168.2.0/24 for site 2.
With this configuration, it'll be much easier to manage the network in the future, as well as implementing a site-to-site IPsec tunnel.
Site-to-site IPsec tunnel if configured properly shouldn't have any speed degradation over WAN.
This also depends on your WAN connection: if it's fibre, there shouldn't be an issue with either upload or download speed.
If it's a DSL line, you'll probably have a slower upload speed.
In NZ, we mostly have 100 Mbps fibre and gigabit fibre, and I barely find any issues with either uploading or downloading over site-to-site IPsec, except in rural areas that are still on DSL connections.
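
The policy fields discussed in this thread (SA Src. Address, SA Dst. Address, and a separate LAN subnet per site), written as RouterOS CLI instead of Winbox fields. This is an added example, not a configuration posted by anyone in the thread. It assumes RouterOS v6.44.x, where peers and identities are separate menus; the WAN addresses are constructed documentation addresses and the secret is a placeholder.

```routeros
# Site 1 router, LAN 192.168.1.0/24.
# Constructed sample addresses (replace with your own):
#   198.51.100.10 = this router's WAN address
#   203.0.113.20  = the site 2 router's WAN address
/ip ipsec peer
add name=site2 address=203.0.113.20/32 exchange-mode=main

# Placeholder pre-shared key: use a long random value, identical on both routers.
/ip ipsec identity
add peer=site2 auth-method=pre-shared-key secret="REPLACE-WITH-LONG-RANDOM-PSK"

# src-address / dst-address are the two LANs; they must not overlap.
# sa-src-address / sa-dst-address are the two WAN endpoints of the tunnel.
/ip ipsec policy
add src-address=192.168.1.0/24 dst-address=192.168.2.0/24 \
    sa-src-address=198.51.100.10 sa-dst-address=203.0.113.20 \
    tunnel=yes action=encrypt proposal=default

# Site 2 router, LAN 192.168.2.0/24: mirror everything above.
#   peer address   = 198.51.100.10/32
#   policy src/dst = 192.168.2.0/24 -> 192.168.1.0/24
#   sa-src/sa-dst  = 203.0.113.20 -> 198.51.100.10
```

Restricting the peer to the other site's /32 rather than accepting every source address limits who can start IKE negotiation with the router when both WAN addresses are static.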