Home > MikroTik > Router > MikroTik Router OS V3.0 User Manual

MikroTik Router OS V3.0 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual MikroTik Router OS V3.0 User Manual. The MikroTik manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 201

    Page 201                 (   Example          !+%+%+%!19   $= B  [admin@MikroTik] ip ipsec peer>add address=10.0.0.147/32 \\... secret=gwejimezyfopmekun[admin@MikroTik] ip ipsec peer> printFlags: X - disabled0 address=10.0.0.147/32:500 auth-method=pre-shared-keysecret=gwejimezyfopmekun generate-policy=no exchange-mode=mainsend-initial-contact=yes nat-traversal=no proposal-check=obeyhash-algorithm=md5... 
     	
   
 
 
   
  	
( 		
Example
 
 
  
	

 !+%+%+%!19 

$=
B	
[admin@MikroTik] ip ipsec peer>add address=10.0.0.147/32 \\... secret=gwejimezyfopmekun[admin@MikroTik] ip ipsec peer> printFlags: X - disabled0 address=10.0.0.147/32:500 auth-method=pre-shared-keysecret=gwejimezyfopmekun generate-policy=no exchange-mode=mainsend-initial-contact=yes nat-traversal=no proposal-check=obeyhash-algorithm=md5...

    Page 202

    Page 202      (                    Property Description add-lifetime(read-only: time) - soft/hard expiration time counted from installation of SA addtime(read-only: text) - time when this SA was installed auth-algorithm(multiple choice, read-only: none|md5|sha1) - authentication algorithm used in SA auth-key(read-only: text) - authentication key presented as a hex string current-bytes(read-only: integer) - amount of data processed by this SAs... 
     	
 ( 
	

 	
 

	 
 		

 

 
 
Property Description
add-lifetime(read-only: time) - soft/hard expiration time counted from installation of SA
addtime(read-only: text) - time when this SA was installed
auth-algorithm(multiple choice, read-only: none|md5|sha1) - authentication algorithm used in
SA
auth-key(read-only: text) - authentication key presented as a hex string
current-bytes(read-only: integer) - amount of data processed by this SAs...

    Page 203

    Page 203 !      1             8           !+     !+            (      Property Description sa-type(multiple choice: ah|all|esp; default:all) - specifies SA types to flush •ah- delete AH protocol SAs only •esp- delete ESP protocol SAs only •all- delete both ESP and AH protocols SAs Example     !+    [admin@MikroTik] ip ipsec installed-sa> flush[admin@MikroTik]... 
    !
 	
 

1

 

	

 
 	 
  8 
  	
	 
 

	 !+

	  
	
 !+   

	
  

  (  
	 	

Property Description
sa-type(multiple choice: ah|all|esp; default:all) - specifies SA types to flush
•ah- delete AH protocol SAs only
•esp- delete ESP protocol SAs only
•all- delete both ESP and AH protocols SAs
Example
  	 
 !+ 

	
[admin@MikroTik] ip ipsec installed-sa> flush[admin@MikroTik]...

    Page 204

    Page 204 [admin@Router1] > ip ipsec policy add sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2 \\... action=encrypt[admin@Router1] > ip ipsec peer add address=1.0.0.2 \\... secret=gvejimezyfopmekun •3 & [admin@Router2] > ip ipsec policy add sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1 \\... action=encrypt[admin@Router2] > ip ipsec peer add address=1.0.0.1 \\... secret=gvejimezyfopmekun •         F!$                   /      ... 
    [admin@Router1] > ip ipsec policy add sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2 \\... action=encrypt[admin@Router1] > ip ipsec peer add address=1.0.0.2 \\... secret=gvejimezyfopmekun
•3
&
[admin@Router2] > ip ipsec policy add sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1 \\... action=encrypt[admin@Router2] > ip ipsec peer add address=1.0.0.1 \\... secret=gvejimezyfopmekun
•
	

  	 
 F!$ 
 	
	
 
 	
 	
	
  
	

 
 
 /
	
 
	
  ...

    Page 205

    Page 205 1.+    8       !379+ •3 ! [admin@Router1] > ip firewall nat add chain=srcnat src-address=10.1.0.0/24 \\... dst-address=10.2.0.0/24 action=accept[admin@Router1] > ip firewall nat add chain=srcnat out-interface=public \\... action=masquerade •3 & [admin@Router2] > ip firewall nat chain=srcnat add src-address=10.2.0.0/24 \\... dst-address=10.1.0.0/24 action=accept[admin@Router2] > ip firewall nat chain=srcnat add out-interface=public \\... action=masquerade 2.... 
    1.+ 	
 	
 	8	
  
 !379+
•3
!
[admin@Router1] > ip firewall nat add chain=srcnat src-address=10.1.0.0/24 \\... dst-address=10.2.0.0/24 action=accept[admin@Router1] > ip firewall nat add chain=srcnat out-interface=public \\... action=masquerade
•3
&
[admin@Router2] > ip firewall nat chain=srcnat add src-address=10.2.0.0/24 \\... dst-address=10.1.0.0/24 action=accept[admin@Router2] > ip firewall nat chain=srcnat add out-interface=public \\... action=masquerade
2....

    Page 206

    Page 206 MikroTik router to CISCO Router 6     *$                  1.+  &   /         5F!  !,+/       *LF   •? #   [admin@MikroTik] > ip ipsec peer add address=10.0.1.2 \\... secret=gvejimezyfopmekun enc-algorithm=des •,40, ip ipsec proposal set default enc-algorithms=des •,40, 
    MikroTik router to CISCO Router
6  
 *$ 
 


  
  
 

 
	 

 	

	 


1.+  &
 	/ 
	

 		
 5F! 	
 !,+/    
 

 *LF 
	
•?
#


[admin@MikroTik] > ip ipsec peer add address=10.0.1.2 \\... secret=gvejimezyfopmekun enc-algorithm=des
•,40, ip ipsec proposal set default enc-algorithms=des
•,40,

    Page 207

    Page 207 ! Create IPsec transform set - transformations that should be applied to! traffic - ESP encryption with DES and ESP authentication with SHA1! This must match /ip ipsec proposalcrypto ipsec transform-set myset esp-des esp-sha-hmacmode tunnelexit 3.+                 8       F!$    •? #   [admin@MikroTik] > ip ipsec policy add \\... src-address=10.0.0.0/24 dst-address=10.0.2.0/24 action=encrypt \\... tunnel=yes sa-src=10.0.1.1... 
    ! Create IPsec transform set - transformations that should be applied to! traffic - ESP encryption with DES and ESP authentication with SHA1! This must match /ip ipsec proposalcrypto ipsec transform-set myset esp-des esp-sha-hmacmode tunnelexit
3.+   
	
 	
 
	 

 

 	
 8 


 
 F!$ 
 


 
•?
#


[admin@MikroTik] > ip ipsec policy add \\... src-address=10.0.0.0/24 dst-address=10.0.2.0/24 action=encrypt \\... tunnel=yes sa-src=10.0.1.1...

    Page 208

    Page 208 current outbound spi: 1308650Cinbound esp sas:spi: 0x90012A(9437482)transform: esp-des esp-sha-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 2000, flow_id: 1, crypto map: mymapsa timing: remaining key lifetime (k/sec): (4607891/1034)IV size: 8 bytesreplay detection support: Yinbound ah sas:inbound pcp sas:outbound esp sas:spi: 0x1308650C(319317260)transform: esp-des esp-sha-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 2001, flow_id: 2, crypto map: mymapsa timing: remaining key lifetime... 
    current outbound spi: 1308650Cinbound esp sas:spi: 0x90012A(9437482)transform: esp-des esp-sha-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 2000, flow_id: 1, crypto map: mymapsa timing: remaining key lifetime (k/sec): (4607891/1034)IV size: 8 bytesreplay detection support: Yinbound ah sas:inbound pcp sas:outbound esp sas:spi: 0x1308650C(319317260)transform: esp-des esp-sha-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 2001, flow_id: 2, crypto map: mymapsa timing: remaining key lifetime...

    Page 209

    Page 209 left=192.168.0.108leftsubnet=192.168.87.0/24right=192.168.0.155rightsubnet=10.0.0.0/24authby=secretpfs=noauto=add • %     192.168.0.108 192.168.0.155 : PSK gvejimezyfopmekun •        [admin@MikroTik] > /ip ipsec peer add address=192.168.0.108 \\... secret=gvejimezyfopmekun hash-algorithm=md5 enc-algorithm=3des \\... dh-group=modp1024 lifetime=28800s [admin@MikroTik] > /ip ipsec proposal auth-algorithms=md5 \\... enc-algorithms=3des pfs-group=none [admin@MikroTik]... 
    left=192.168.0.108leftsubnet=192.168.87.0/24right=192.168.0.155rightsubnet=10.0.0.0/24authby=secretpfs=noauto=add
•
%

 
192.168.0.108 192.168.0.155 : PSK gvejimezyfopmekun
• 
 
	


[admin@MikroTik] > /ip ipsec peer add address=192.168.0.108 \\... secret=gvejimezyfopmekun hash-algorithm=md5 enc-algorithm=3des \\... dh-group=modp1024 lifetime=28800s
[admin@MikroTik] > /ip ipsec proposal auth-algorithms=md5 \\... enc-algorithms=3des pfs-group=none
[admin@MikroTik]...

    Page 210

    Page 210 IPIP Tunnel Interfaces Document revision 1.3 (October 10, 2007, 14:06 GMT) This document applies to MikroTik RouterOS V3.0 Table of Contents TableofContents GeneralInformation Summary QuickSetupGuide Specifications AdditionalDocuments IPIPSetup Description PropertyDescription Notes Description General Information Summary  *$*$            !  #3 -..:    *$*$            *$     *$         ... 
    IPIP Tunnel Interfaces
Document revision 1.3 (October 10, 2007, 14:06 GMT)
This document applies to MikroTik RouterOS V3.0
Table of Contents
TableofContents
GeneralInformation
Summary
QuickSetupGuide
Specifications
AdditionalDocuments
IPIPSetup
Description
PropertyDescription
Notes
Description
General Information
Summary
 *$*$ 



 

	

 
 
  
 !  #3 -..: 	

 *$*$ 


  	 

 
	
 
		
 *$ 	
 
 *$ 
 	 	 


 

 
 ...
    Start reading MikroTik Router OS V3.0 User Manual
    All MikroTik manuals