MikroTik

  • Defining Phase 1 cryptography settings (IP >> IPSec >> Profiles)

phase1.png

  • Setting up peer (IP >> IPSec >> Peers)

ipsec-peer.png

  • Generating certs for IKEv2 authentication

> /certificate/
/certificate> add name=root_ca common-name=root_ca key-size=2048 key-usage=key-cert-sign,crl-sign days-valid=3650

/certificate> print

/certificate> sign 0
/certificate> add name=fw1_ike common-name=fw1_ike key-size=2048 days-valid=3650
/certificate> add name=fw2_ike common-name=fw2_ike key-size=2048 days-valid=3650

/certificate> print

/certificate> sign 1 ca=root_ca
/certificate> sign 2 ca=root_ca

  • Setting up authentication (IP >> IPSec >> Identities)

ike-auth.png

  • Defining Phase 2 cryptography settings (IP >> IPSec >> Proposals)

phase2.png

  • Defining SAs (IP >> IPSec >> Policies)

sa-1.png

sa-2.png

  • Defining IPSec traffic filtering rules (IP >> Firewall)

ipsec-ruleset.png
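
For the certificate step above, the following is an added example, not part of the original page: it signs the same three certificates by name, checks the result, and exports what the second router needs. It assumes fw2_ike is meant for the peer router and was generated on this one; the passphrase is a placeholder.

```routeros
# Added example (not from the original page). The certificate names
# root_ca, fw1_ike and fw2_ike are the ones created in the step above.

# Sign by name rather than by item number. Numbers such as 0, 1, 2 refer
# to the most recent "print" output and point at different entries if the
# router already holds other certificates.
/certificate sign root_ca
/certificate sign fw1_ike ca=root_ca
/certificate sign fw2_ike ca=root_ca

# Check the result before referencing the certificates in an identity.
# In the flags column, K means the private key is present, A marks a
# certificate authority and I marks a certificate issued by a local CA.
# Expect K and A on root_ca, and K and I on fw1_ike and fw2_ike.
/certificate print
/certificate print detail where name=fw1_ike
/certificate print detail where name=fw2_ike

# Assumption: fw2_ike is used on the peer router. The peer needs the CA
# certificate (public part only) and fw2_ike together with its private key.
# Without a passphrase only the certificate is exported, so root_ca's
# private key stays on this router.
/certificate export-certificate root_ca
# PKCS#12 bundles the certificate and private key, encrypted with the
# passphrase. <export-passphrase> is a placeholder: use a long random value.
/certificate export-certificate fw2_ike type=pkcs12 export-passphrase="<export-passphrase>"

# The exported files appear in the router's file list. Transfer them over
# an encrypted channel (for example SFTP) and remove them afterwards so the
# key material does not remain in file storage.
/file print
```

On the peer, the files are loaded with /certificate import; once fw2_ike shows the K flag there, the copy of its private key on this router is no longer needed for the tunnel.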