HomeHome ArticlesArticles Most Popular ArticlesMost Popular Articles Most Helpful ArticlesMost Helpful Articles Request New ArticleRequest New Article
RSS Feeds
DrillDown Icon Table of Contents Back
 . . . . . . . . . . . . .
DrillDown Icon Knowledge Base Information
DrillDown Icon Cyberoam Security Appliances (UTM and NGFW)
DrillDown Icon FAQs on Cyberoam and Sophos Firewall
DrillDown Icon Vulnerability Security Advisories
DrillDown Icon Best Practices & Policies
DrillDown Icon Protect Your Cyberoam Appliances from Power Fluctuations
DrillDown Icon Technical Library
DrillDown Icon Deployment
DrillDown Icon Registration & Licensing
DrillDown Icon System
DrillDown Icon Objects
DrillDown Icon Network
DrillDown Icon Identity
DrillDown Icon Firewall
DrillDown Icon VPN
DrillDown Icon Enable Single Sign On (SSO) for VPN Users
DrillDown Icon Implement Split Tunnel in MAC OS X for PPTP and L2TP VPN
DrillDown Icon Assign Static IP Address to L2TP/PPTP User
DrillDown Icon IPSec VPN
DrillDown Icon SSL VPN
DrillDown Icon VPN Interoperability
DrillDown Icon Establish IPSec Connection between Cyberoam and Palo Alto
DrillDown Icon Establish IPSec VPN Connection between Cyberoam and a Web Service Provider using an Assigned IP Address
DrillDown Icon Establish IPSec VPN connection between Cyberoam and Mikrotik router
DrillDown Icon Establish Site-to-Site IPSec Connection between Cyberoam and Cisco Router (through Command Line) using Preshared key
DrillDown Icon Establish IPSec VPN connection between Cyberoam and Cradle Point router
DrillDown Icon Establish IPSec VPN connection between Cyberoam and Sophos UTM
DrillDown Icon Establish VPN Connection between Cyberoam and AVAYA IP Phone using Cisco VPN Client
DrillDown Icon Establish PPTP VPN Connection between Cyberoam and iOS Device
DrillDown Icon Establish IPSec VPN Connection between Cyberoam and Microsoft Azure
DrillDown Icon Configure L2TP VPN Connection for MAC OS X client
DrillDown Icon Configure PPTP VPN Connection for MAC OS X client
DrillDown Icon Establish IPSec VPN Connection between Cyberoam and Cisco VPN Client for MAC OS X
DrillDown Icon Implement Split Tunnel in Windows 7 for PPTP and L2TP VPN
DrillDown Icon Establish IPSec VPN connection between Cyberoam and Watchguard
DrillDown Icon Establish IPSec VPN Connection between Cyberoam and Amazon VPC
DrillDown Icon Establish Site-to-Site IPSec Connection between Cyberoam and PIX Firewall using Preshared key
DrillDown Icon Establish IPSec VPN Tunnel between Cyberoam and NetScreen
DrillDown Icon Establish IPSec VPN Tunnel between Cyberoam and Cisco ASA using Preshared key
DrillDown Icon Establish VPN Tunnel between Cyberoam and SonicWall using Preshared key
DrillDown Icon Establish VPN Tunnel between Cyberoam and Fortigate using Preshared key
DrillDown Icon Configure Cyberoam to Establish PPTP connection using MS Windows 7 VPN Client
DrillDown Icon Configure MS Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
DrillDown Icon Configure L2TP between Cyberoam and Windows 7
DrillDown Icon Configure Apple iPhone for Cyberoam L2TP VPN Connection
DrillDown Icon Configure Apple iPad for Cyberoam L2TP VPN Connection
DrillDown Icon Configure MS Windows XP VPN Client for L2TP connection with MS-CHAP v2 Authentication
DrillDown Icon Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key
DrillDown Icon Establish Site-to-Site IPSec Connection using Preshared key Between Cyberoam and NetGenie SOHO
DrillDown Icon Connect Android Devices with Cyberoam Using L2TP VPN
DrillDown Icon Establish an IPSec Connection Between Cyberoam and Cisco VPN Client for Apple iOS
DrillDown Icon Establish an IPSec Road Warrior Connection between Cyberoam and Macintosh using IP Securitas
DrillDown Icon Establish an IPSec Connection Between Cyberoam and Cisco VPN Client for Windows
DrillDown Icon Errors
DrillDown Icon How to restart VPN service from CLI?
DrillDown Icon How to route all traffic via VPN tunnel in Macintosh?
DrillDown Icon Is it possible to terminate VPN connection on ALIAS IP address?
DrillDown Icon Apply QoS Policies on VPN Users
DrillDown Icon IPS
DrillDown Icon Web Filter
DrillDown Icon Application Filter
DrillDown Icon Web Application Firewall (WAF)
DrillDown Icon IM
DrillDown Icon Quality of Service (QoS)
DrillDown Icon Anti Virus
DrillDown Icon Anti Spam
DrillDown Icon Logs & Reports
DrillDown Icon Clients
DrillDown Icon Cyberoam Maintenance
DrillDown Icon Compatibility
DrillDown Icon Archives
DrillDown Icon Cyberoam Virtual Security
DrillDown Icon Cyberoam iView
DrillDown Icon Cyberoam Central Console
DrillDown Icon Cyberoam's On-Cloud Management Service
  Subscribe Print PreviewPrint Current Article and All Sub-Articles
 
Establish IPSec VPN connection between Cyberoam and Mikrotik router

Applicable Version: 10.00 onwards

Scenario

Establish IPSec VPN connection between Cyberoam and Mikrotik router using Preshared Key authentication.

Microtik Configuration

Administrator access required to add or modify configuration in Mikrotik.

Step 1: Configure IPSec Proposal

Go to IP > IPSec > Proposal and click Add New to create an IPSec proposal for the VPN tunnel as shown below.

Parameters

Value

Enabled

Checked

Name

proposal1

Auth. Algorithms

sha1

Encr. Algorithms

3des

Lifetime

00:30:00

PFS Group

modp1024

 
                                                                                                                                                                                


Click Apply and then OK to create the IPSec Proposal.

Step 2: Configure Peer

Navigate to IP > IPSec > Peer and click Add New to configure Peer/ Remote Device (here, Cyberoam) as shown in the image.

 

Parameters

Value

Enabled

Checked

Address

1.1.1.1

Port

sha1

Auth. Method

pre shared key

Secret

cyberoam

Policy Group

default

Exchange Mode

main

Send Initial Contact

Checked

Proposal Check

Obey

Hash Algorithm

sha1

Encryption Algorithm

3des

DH Group

modp1024

Generate Policy

no

Lifetime

04:00:00

DPD Interval

disable DPD

DPD Maximum Failures

5                                                                        
 



Step 3: Configure IPSec Policy

Navigate to IP > IPSec > Policy and click Add New to create IPSec policy as shown in the table below.

Parameters

Value

Enabled

Checked

Src. Address

172.16.1.0/24

Dst. Address

192.168.110.0/24

Protocol

255(All)

Action

encrypt

Level

require

IPSec protocols

esp

Tunnel

Checked

SA Src. Address

2.2.2.2

SA Dst. Address

1.1.1.1

Proposal

proposal1

Priority

0

 



Step 4: Configure NAT policy

Navigate to Firewall > NAT and click Add New to create NAT policy. Specify the following parameters:

Parameters

Value

Source Address

172.16.1.0 (Mikrotik’s LAN IP Address)

Destination Address

192.168.110.0/24 (Cyberoam’s LAN IP Address)

Action

Accept

 

Click Apply and OK to save. The following screen will be displayed.

Cyberoam Configuration

You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).

To configure IPSec Connection in Cyberoam, follow the steps given below.

Step 1: Configure IPSec Connection

Go to VPN > IPSec > Connection and click Add to create a new connection using parameters given below.

Parameter

Value

Description

Name

IPSec_CR_Mikrotik

Name to identify the IPSec Connection

Connection Type

Site to Site

Select Type of connection.

Available Options:

·         Remote Access

·         Site to Site

·         Host to Host

Policy

DefaultBranchOffice

Select policy to be used for connection

Action on VPN Restart

Initiate

Select the action for the connection.

Available options:

·         Respond Only

·         Initiate

·         Disable

Authentication details

Authentication Type

Preshared Key

Select Authentication Type. Authentication of user depends on the connection type. 

Preshared Key

Cyberoam

Specify the Preshared Key

Endpoints Details

Local

PortB-1.1.1.1

Select local port which acts as end-point to the tunnel

Remote

2.2.2.2

Specify Gateway IP Address assigned to Cradle Point router.

Local Network Details

Local Subnet

192.168.1.0/24

 

Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button

Remote Network Details

Remote LAN Network

172.16.1.0.0/24

Select/specify IP address of Cradle Point local network.

 

 

Click OK to create the connection.

Step 3: Activate IPSec Connection

Go to VPN > IPSec > Connection and click   under Active and Connection heads against IPSec_CR_Mikrotik connection, created in Step 1.

 

 
 Under the Active status indicates that the connection is successfully activated.

 Under the Connection status indicates that the connection is successfully established.

                                                                                               

                                                                Document Version 1.0 – 03 November, 2014

Attachments
Article ID: 3059