Good Day All,
I have an error when attempting to connect a MikroTik RB750 to a Sophos XG firewall using an IPsec connection.
Below I will have some screenshots with the general configuration, but the error I am receiving is the following. It displays in the MikroTik logs:
xxx.xxx.xxx.xxx failed to pre-process ph2 packet
My configuration on the MikroTik is as follows:
# jun/08/2018 15:51:52 by RouterOS 6.40.8
# software id = A2MX-98ZF
#
# model = 750
# serial number = 260A015DDB45
/ip ipsec mode-config
set [ find default=yes ] name=request-only
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1,md5 disabled=yes enc-algorithms=\
    3des lifetime=30m name=default pfs-group=modp1024
add auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=0s name=\
    proposal1 pfs-group=modp1024
/ip ipsec peer
add address=**(External WAN SOPHOS END)**/32 auth-method=pre-shared-key dh-group=modp1024 \
    disabled=no dpd-interval=disable-dpd enc-algorithm=3des exchange-mode=main \
    generate-policy=no hash-algorithm=sha1 lifetime=1d local-address=\
    **(internal LAN MK SIDE)** nat-traversal=no policy-template-group=default proposal-check=\
    obey secret=PASSWORD send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=**(Internal LAN Sophos END)**/23 dst-port=any \
    ipsec-protocols=esp level=require proposal=proposal1 protocol=all \
    sa-dst-address=**(SOPHOS WAN IP)** sa-src-address=**(MK EXTERNAL IP)** src-address=\
    **(MIKROTIK WAN IP)**/32 src-port=any tunnel=yes
set 1 disabled=yes dst-address=::/0 group=default proposal=default protocol=all \
    src-address=::/0 template=yes
/ip ipsec user settings
set xauth-use-radius=no
Sophos Config: