IPSec Tunnel Lab

If you still not clearly understand about IPSec please read this article first (IPSec).

Overview:
We have to LAN, LAN A has public IP 10.165.0.100 and LAN has public IP 10.165.0.101. In this lab we create IPSec tunnel between LAN A and LAN B. After successful build the tunnel, you will able to ping from PC-A to server at LAN B

 

 

 

R1

/ip ipsec profile
add enc-algorithm=aes-128 name=profile1
/ip ipsec peer
add address=100.103.24.6/32 name=PEER1 profile=profile1
/ip ipsec identity
add peer=PEER1 secret=1234
/ip ipsec policy
add dst-address=172.17.17.0/24 peer=PEER1 sa-dst-address=100.103.24.6 \
sa-src-address=100.103.24.2 src-address=192.168.100.0/24 tunnel=yes

R2

/ip ipsec profile
add enc-algorithm=aes-128 name=profile1
/ip ipsec peer
add address=100.103.24.2/32 name=PEER1 profile=profile1
/ip ipsec identity
add peer=PEER1 secret=1234
/ip ipsec policy
add dst-address=192.168.100.0/24 peer=PEER1 sa-dst-address=100.103.24.2 \
sa-src-address=100.103.24.6 src-address=172.17.17.0/24 tunnel=yes

Leave a Reply

Your email address will not be published. Required fields are marked *