VPN s2s PA and Mikrotik


L4 Transporter

Hello

I have a new task - make a VPN s2s between a PA200 and a Mikrotik router.

PA (PA 200 on 6.1.4) has Advanced phase mode 1 options set to AUTO and "enable passive mode" not checked.

Mikrotik (751U-2HnD with latest 6.30 router OS) is in aggressive mode.

It's quite a simple task, a few policy rules on the PA and on the Mikrotik side. Configuration similar to PA<>Cisco.

I got strange results, everything seems to be OK. Usually the tunnel is working, hosts on both sides can ping each other, but ...

sometimes it doesn't.

example 1:

2015-07-13_215823.png

I'm able to ping from A side to B, but not from B to A (packet rejected)

example 2

Side A pinging side B, ping from B to A doesn't work UNTIL I stopped the ping from A to B

2015-07-13_215844.png

example 3

Mikrotik shows Installed SAs:

2015-07-13_215945.png

Is it normal that on the PA side Auth is none and Enc Algorithms is none?

Does anyone have any idea what's going on?

At the moment (about 5 min later than I created the screenshots above) ping from B to A started working - is it some kind of mystery or what?

Help me please

1 REPLY

L4 Transporter

Hello

In the daily report I got:

| Device SN | Virtual System | Rule | Bytes | Sessions |
|---|---|---|---|---|
| 001606004XXX | vsys1 | VPN-s2s-local-networks | 1021.08 M | 129.84 k |

It means that the security rule that allows traffic between A and B transferred ~1GB and generated 130000 sessions. That's quite a lot of sessions - why?

I used TotalCommander to upload and download 2,4GB ISO files, so I generated more than 5GB traffic I think.

Second problem, using ping from A to B gateway I got around 10-17% loss of ping packets - is it normal?

Regards

Slawek
