Mikrotik to Cisco ASA IPsec VPN
We needed to set up an IPsec VPN for a client with a remote location that already had a Cisco ASA. So, here is a Mikrotik to Cisco ASA IPsec howto.
Cisco ASA site
- WAN: 220.127.116.11/30 (outside)
- LAN: 192.168.2.1/24 (inside)
Mikrotik site
- WAN: 18.104.22.168/30 (ether1)
- LAN: 192.168.1.1/24 (ether2)
Cisco ASA to Mikrotik configuration
Launch the VPN configuration wizard on your Cisco ASA router
Set VPN Tunnel Type as Site-to-Site
Set the Remote Peer IP Address: 22.214.171.124 (Mikrotik WAN) and the Pre-shared key. The Tunnel Group Name should also be the Remote Peer IP Address.
Set the IKE Policy Encryption to 3DES, Authentication to MD5 and DH Group to 2
Set the IPsec Encryption to 3DES and Authentication to MD5
Set the Local and Remote Networks
Don’t forget to set the IKE Parameters to Identity: Address to avoid connection problems
Mikrotik to Cisco ASA configuration
Create new policy
Create new Peer
Modify the default proposal to accept MD5 as Authentication
Create a NAT rule to bypass the traffic that should go through the tunnel
Move the rule to the top
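The Mikrotik steps above as terminal commands, added here as an example and not taken from the original post. It assumes RouterOS 6.x before 6.43 (where the peer entry still holds the secret), uses the WAN and LAN addresses from the site list at the top of this page, and the pre-shared key and rule comment are placeholders.

```routeros
# Added example, not the original author's configuration.
# Assumption: RouterOS 6.x before 6.43; later releases move the secret
# to "/ip ipsec identity" and the phase 1 algorithms to "/ip ipsec profile".

# 1. Policy: encrypt LAN-to-LAN traffic in tunnel mode between the WAN IPs
/ip ipsec policy
add src-address=192.168.1.0/24 dst-address=192.168.2.0/24 \
    sa-src-address=18.104.22.168 sa-dst-address=220.127.116.11 \
    tunnel=yes action=encrypt proposal=default

# 2. Peer: phase 1 has to match the ASA IKE policy
#    (3DES, MD5, DH group 2 = modp1024)
/ip ipsec peer
add address=220.127.116.11/32 auth-method=pre-shared-key \
    secret="REPLACE-WITH-PRE-SHARED-KEY" \
    enc-algorithm=3des hash-algorithm=md5 dh-group=modp1024

# 3. Default proposal: phase 2 has to match the ASA IPsec settings
#    (3DES encryption, MD5 authentication)
/ip ipsec proposal
set [find default=yes] auth-algorithms=md5 enc-algorithms=3des

# 4. NAT bypass: accept tunnel traffic before any masquerade rule sees it.
#    place-before=0 puts the rule at the top of the srcnat chain.
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.2.0/24 \
    action=accept place-before=0 comment="IPsec bypass to ASA LAN"

# Verify after sending traffic from one LAN to the other:
# the peer should be listed and two SAs (one per direction) installed.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
```

3DES, MD5 and DH group 2 are legacy algorithms, kept here because they are what the ASA side in this howto is set to. If both devices support AES, SHA-2 and a larger DH group, change the values on both ends together, since any mismatch makes the negotiation fail.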
Now you can connect your branch offices using Mikrotik routers even if you have Cisco ASAs installed at the other locations.