/ip ipsec proposal add name="VPN_Cloud" auth-algorithms=sha1 enc-algorithms=aes-256-cbc lifetime=1h pfs-group=modp1024

Create the IPsec policy for phase two (exchange of networks):
/ip ipsec policy add src-address=<LAN_Subnet> src-port=any dst-address=<Cloud_Subnet> dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=<MikroTik_Public_IP> sa-dst-address=<Edge_Public_IP> proposal=VPN_Cloud ph2-count=1

Create the IPsec peer for phase one (establishing the connection):
/ip ipsec peer add address=<Edge_Public_IP>/32 auth-method=pre-shared-key secret="<PreShared_Key>" generate-policy=no policy-template-group=default exchange-mode=main send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=8h dpd-interval=2m dpd-maximum-failures=5

Create the firewall rules:
/ip firewall filter
add chain=forward dst-address=<Cloud_Subnet> src-address=<LAN_Subnet> action=accept
add chain=forward dst-address=<LAN_Subnet> src-address=<Cloud_Subnet> action=accept

Create the NAT rules:
/ip firewall nat
add chain=srcnat dst-address=<Cloud_Subnet> src-address=<LAN_Subnet> action=accept
add chain=srcnat dst-address=<LAN_Subnet> src-address=<Cloud_Subnet> action=accept

On the Edge Gateway side, the following parameters need to be configured:
PFS: Enabled
Encryption Algorithm: AES256
Diffie-Hellman Group: DH2
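
A tunnel like this fails to come up or to pass traffic when the two sides disagree on these values, so it helps to check the RouterOS commands against the Edge Gateway settings before applying them. The Python check below is an added example, not part of the original page: it parses one-line RouterOS `add` commands and compares them with the Edge Gateway parameters listed above. The addresses, the placeholder secret and the names `parse` and `check` are constructed for illustration.

```python
import shlex

# Edge Gateway parameters as listed on the page.
EDGE = {"PFS": "Enabled", "Encryption Algorithm": "AES256", "Diffie-Hellman Group": "DH2"}
DH_NAMES = {"DH2": "modp1024", "DH5": "modp1536", "DH14": "modp2048"}  # RouterOS group names
ENC_NAMES = {"AES256": "aes-256-cbc"}  # RouterOS phase-two cipher name

# Constructed sample: the page's commands with documentation-range addresses filled in.
SAMPLE = """\
/ip ipsec proposal add name="VPN_Cloud" auth-algorithms=sha1 enc-algorithms=aes-256-cbc lifetime=1h pfs-group=modp1024
/ip ipsec policy add src-address=192.168.88.0/24 dst-address=10.10.0.0/24 action=encrypt tunnel=yes sa-src-address=203.0.113.10 sa-dst-address=198.51.100.20 proposal=VPN_Cloud
/ip ipsec peer add address=198.51.100.20/32 auth-method=pre-shared-key secret="EXAMPLE-ONLY" dh-group=modp1024
/ip firewall nat add chain=srcnat dst-address=10.10.0.0/24 src-address=192.168.88.0/24 action=accept
"""

def parse(text):
    """Return [(menu, {key: value})] for every one-line 'add' command."""
    items = []
    for line in text.splitlines():
        words = shlex.split(line)
        if "add" in words:
            i = words.index("add")
            params = dict(w.split("=", 1) for w in words[i + 1:] if "=" in w)
            items.append((" ".join(words[:i]), params))
    return items

def check(text, edge=EDGE):
    """List mismatches between the RouterOS commands and the Edge Gateway settings."""
    cfg = parse(text)
    by_menu = lambda m: [p for menu, p in cfg if menu == m]
    proposals = {p.get("name"): p for p in by_menu("/ip ipsec proposal")}
    peers = {p.get("address", "").split("/")[0] for p in by_menu("/ip ipsec peer")}
    nat_ok = {(r.get("src-address"), r.get("dst-address")) for r in by_menu("/ip firewall nat")
              if r.get("chain") == "srcnat" and r.get("action") == "accept"}
    want_pfs = DH_NAMES[edge["Diffie-Hellman Group"]] if edge["PFS"] == "Enabled" else "none"
    want_enc = ENC_NAMES[edge["Encryption Algorithm"]]
    problems = []
    for pol in by_menu("/ip ipsec policy"):
        prop = proposals.get(pol.get("proposal"))
        if prop is None:
            problems.append("policy references an undefined proposal")
            continue
        problems += [msg for failed, msg in (
            (prop.get("pfs-group") != want_pfs, "pfs-group mismatch"),
            (want_enc not in prop.get("enc-algorithms", "").split(","), "enc-algorithms mismatch"),
            (pol.get("sa-dst-address") not in peers, "no peer for sa-dst-address"),
            ((pol.get("src-address"), pol.get("dst-address")) not in nat_ok, "no srcnat accept rule"),
        ) if failed]
    return problems
```

An empty list from `check` means the proposal, policy, peer and NAT rule agree with each other and with the Edge Gateway values.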