EasyManuals Logo

MikroTik RouterOS v2.9 User Manual

MikroTik RouterOS v2.9
709 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #331 background imageLoading...
Page #331 background image
4. Testing the IPsec tunnel
• on MikroTik router we can see installed SAs
[admin@MikroTik] ip ipsec installed-sa> print
Flags: A - AH, E - ESP, P - pfs, M - manual
0 E spi=9437482 direction=out src-address=10.0.1.1
dst-address=10.0.1.2 auth-algorithm=sha1 enc-algorithm=des
replay=4 state=mature
auth-key="9cf2123b8b5add950e3e67b9eac79421d406aa09"
enc-key="ffe7ec65b7a385c3" add-lifetime=24m/30m use-lifetime=0s/0s
lifebytes=0/0 current-addtime=jul/12/2002 16:13:21
current-usetime=jul/12/2002 16:13:21 current-bytes=71896
1 E spi=319317260 direction=in src-address=10.0.1.2
dst-address=10.0.1.1 auth-algorithm=sha1 enc-algorithm=des
replay=4 state=mature
auth-key="7575f5624914dd312839694db2622a318030bc3b"
enc-key="633593f809c9d6af" add-lifetime=24m/30m use-lifetime=0s/0s
lifebytes=0/0 current-addtime=jul/12/2002 16:13:21
current-usetime=jul/12/2002 16:13:21 current-bytes=0
[admin@MikroTik] ip ipsec installed-sa>
• on CISCO router
cisco# show interface Serial 0
interface: Serial1
Crypto map tag: mymap, local addr. 10.0.1.2
local ident (addr/mask/prot/port): (10.0.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
current_peer: 10.0.1.1
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1810, #pkts encrypt: 1810, #pkts digest 1810
#pkts decaps: 1861, #pkts decrypt: 1861, #pkts verify 1861
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.0.1.2, remote crypto endpt.: 10.0.1.1
path mtu 1500, media mtu 1500
current outbound spi: 1308650C
inbound esp sas:
spi: 0x90012A(9437482)
transform: esp-des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4607891/1034)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x1308650C(319317260)
transform: esp-des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4607893/1034)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
MikroTik Router and Linux FreeS/WAN
In the test scenario we have 2 private networks: 10.0.0.0/24 connected to the MT and
192.168.87.0/24 connected to Linux. MT and Linux are connected together over the "public"
network 192.168.0.0/24:
Page 317 of 695
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the MikroTik RouterOS v2.9 and is the answer not in the manual?

MikroTik RouterOS v2.9 Specifications

General IconGeneral
BrandMikroTik
ModelRouterOS v2.9
CategorySoftware
LanguageEnglish