Establish Ipsec Vpn Connection Between Cyberoam And Mikrotik

Transcript

How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Applicable Version: 10.00 onwards Scenario Establish IPSec VPN connection between Cyberoam and Mikrotik router using Preshared Key authentication. Microtik Configuration Administrator access required to add or modify configuration in Mikrotik. Step 1: Configure IPSec Proposal Go to IP > IPSec > Proposal and click Add New to create an IPSec proposal for the VPN tunnel as shown below. Parameters Enabled Value Checked Name proposal1 Auth. Algorithms sha1 Encr. Algorithms 3des Lifetime 00:30:00 PFS Group modp1024 How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Click Apply and then OK to create the IPSec Proposal. Step 2: Configure Peer Navigate to IP > IPSec > Peer and click Add New to configure Peer/ Remote Device (here, Cyberoam) as shown in the image. How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Parameters Enabled Value Checked Address 1.1.1.1 Port sha1 Auth. Method pre shared key How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Secret cyberoam Policy Group default Exchange Mode main Send Initial Contact Checked Proposal Check Obey Hash Algorithm sha1 Encryption Algorithm 3des DH Group modp1024 Generate Policy no Lifetime 04:00:00 DPD Interval disable DPD DPD Maximum Failures 5 Step 3: Configure IPSec Policy Navigate to IP > IPSec > Policy and click Add New to create IPSec policy as shown in the table below. Parameters Value Enabled Checked Src. Address 172.16.1.0/24 Dst. Address 192.168.110.0/24 Protocol 255(All) Action encrypt Level require IPSec protocols esp Tunnel Checked SA Src. Address 2.2.2.2 SA Dst. Address 1.1.1.1 Proposal proposal1 Priority 0 How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Step 4: Configure NAT policy Navigate to Firewall > NAT and click Add New to create NAT policy. Specify the following parameters: Parameters Source Address Value 172.16.1.0 (Mikrotik’s LAN IP Address) Destination Address 192.168.110.0/24 (Cyberoam’s LAN IP Address) Action Accept Click Apply and OK to save. The following screen will be displayed. How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Cyberoam Configuration You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s). To configure IPSec Connection in Cyberoam, follow the steps given below. Step 1: Configure IPSec Connection Go to VPN > IPSec > Connection and click Add to create a new connection using parameters given below. Parameter Value Description Name IPSec_CR_Mikrotik Name to identify the IPSec Connection Select Type of connection. Connection Type Site to Site Available Options:    Policy DefaultBranchOffice Remote Access Site to Site Host to Host Select policy to be used for connection Select the action for the connection. Action on VPN Restart Initiate Available options:    Respond Only Initiate Disable Authentication details Authentication Type Preshared Key Select Authentication Type. Authentication of user depends on the connection type. Preshared Key Cyberoam Specify the Preshared Key PortB-1.1.1.1 Select local port which acts as end-point to the tunnel Endpoints Details Local How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Remote 2.2.2.2 Specify Gateway IP Address assigned to Cradle Point router. Local Network Details 192.168.1.0/24 Local Subnet Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button Remote Network Details Remote LAN Network 172.16.1.0.0/24 Click OK to create the connection. Select/specify IP address of Cradle Point local network. How To – Establish IPSec VPN connection between Cyberoam and Mikrotik router Step 3: Activate IPSec Connection Go to VPN > IPSec > Connection and click under Active and Connection heads against IPSec_CR_Mikrotik connection, created in Step 1 Under the Active status indicates that the connection is successfully activated. Under the Connection status indicates that the connection is successfully established. Document Version 1.0 – 03 November, 2014