L2TP-IPSec configuration for inter-branch interconnection on the RB3011:
The L2TP server at the head office uses Internet from the provider Transkon (Dedicated Static Internet).
Step One: (see the Subnetting archive)
Configure the static Transkon Internet connection on the head-office MikroTik
Set Address 100.100.100.194/29
Set Network 100.100.100.110
Set Gateway 100.100.100.111
MikroTik LAN IP /28
Configure the dynamic Internet connection at the branch
Set Address 180.100.178.99/32
Set Network 100.100.178.110
Set Gateway 100.100.178.10
MikroTik LAN IP /24
Set Firewall NAT:
Chain = Src ---> Action = Masquerade
Set DNS
202.202.202.100
203.203.200.150
IP Pool for the interconnection:
Name : Interkoneksi
Address range = 13.33.30.2-13.33.30.10 ---> this is to hide your main IP
Set Routes:
0.0.0.0/0 Gateway : 100.100.100.111 ---> at the head office
Step Two:
Configure IPSec
Create a Proposal:
Name: L2TPProposal
Auth. Algorithm = sha1
Encr. Algorithm = 3des
IPSec Peer:
General :
- Address = 0.0.0.0/0
- Port : 500
- Local Address = MikroTik LAN IP
- Auth. Method = pre shared key
- Exchange Mode = Main L2TP
- Secret = 1234
- Policy Template Group = default
- Check Send Initial Contact
- Check NAT Traversal
- My ID Type = Auto
- Generate Policy = port strict
- Lifetime = 1d 00:00:00
- DPD Interval = 120
- DPD Maximum Failure = 5
- Proposal Check = obey
- Hash Algorithm = sha1
- Encryption Algorithm = 3des;aes128;aes192;aes256
- DH Group = modp1024
- General Src Address = 0.0.0.0/0
- Src Port=500
- General Dst Address = LAN IP/28
- Dst Port = 500
- Protocol = 255 (all)
Set Encrypt
Set Level require
Set IPsec Protocol esp
Check Tunnel
Set SA Src Address: 0.0.0.0
Set SA Dst Address: MikroTik LAN IP
Set Proposal: L2TPProposal
Step Three:
Create a site-to-site interconnection IP pool, taking a range of 2 IP addresses from the LAN IP range.
Go to PPP, then create a Profile:
- Name : Interkoneksi
- Local Address: MikroTik LAN IP
- Remote Address: Interkoneksi (from the IP pool)
- Change TCP MSS = Yes
- Protocol Encryption = Yes
- Name : abc
- Pass: 1234 (same as the IPsec secret)
- Service: l2tp
- Profile: Interkoneksi
- Local Address: MikroTik LAN IP
- Route: LAN IP/28
- Name: L2TP-Out-Cab
- Max MTU and Max MRU = 1500 (for large data packets)
- Connect To: branch DDNS IP
- Username and Password: match the password set at the branch.
- Profile: Interkoneksi
- Set Firewall Chain = Input, Protocol = 50 (ipsec-esp), Action = Accept
- Set Firewall Chain = Input, Protocol = 17 (udp), Port 500, Action = Accept
- Set Firewall NAT: dst addr, Protocol = 17 (udp), Port 500, Action = Accept
Hope this is useful!!
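
An audit of the values chosen in the steps above, as an added example that is not part of the original page: it flags the 3des and sha1 selections, the 1024-bit DH group, the short numeric secret and its reuse as the PPP password. The dictionary keys, the `audit` function and the 20-character minimum are assumptions of this sketch, not RouterOS names.

```python
# Added example: audits the IPsec/L2TP values listed in the steps above.
# Key names and the policy thresholds below are assumptions of this sketch.
import re

WEAK_ENC = {"des", "3des"}                    # 64-bit block ciphers
WEAK_HASH = {"md5", "sha1"}                   # legacy integrity algorithms
WEAK_DH = {"modp768", "modp1024", "mod1024"}  # 1024-bit or smaller groups
MIN_PSK_LEN = 20                              # assumed policy minimum

# Constructed input: the values transcribed from this page's steps.
PAGE_CONFIG = {
    "proposal.auth": "sha1",
    "proposal.enc": "3des",
    "peer.address": "0.0.0.0/0",
    "peer.secret": "1234",
    "peer.hash": "sha1",
    "peer.enc": "3des;aes128;aes192;aes256",
    "peer.dh_group": "modp1024",
    "ppp.password": "1234",
}

def audit(cfg):
    """Return (setting, finding) pairs for every weak value in cfg."""
    findings = []
    for key in ("proposal.enc", "peer.enc"):
        weak = WEAK_ENC & set(re.split(r"[;,]", cfg.get(key, "")))
        if weak:
            findings.append((key, "weak cipher offered: " + ",".join(sorted(weak))))
    for key in ("proposal.auth", "peer.hash"):
        if cfg.get(key) in WEAK_HASH:
            findings.append((key, "legacy hash: " + cfg[key]))
    if cfg.get("peer.dh_group") in WEAK_DH:
        findings.append(("peer.dh_group", "1024-bit or smaller DH group"))
    secret = cfg.get("peer.secret", "")
    if len(secret) < MIN_PSK_LEN or secret.isdigit():
        findings.append(("peer.secret", "pre-shared key too short or numeric-only"))
    if secret and secret == cfg.get("ppp.password"):
        findings.append(("ppp.password", "PPP password reuses the IPsec secret"))
    if cfg.get("peer.address") == "0.0.0.0/0":
        findings.append(("peer.address", "any remote address accepted; the secret is the only gate"))
    return findings

if __name__ == "__main__":
    for key, msg in audit(PAGE_CONFIG):
        print(f"{key}: {msg}")
```

A configuration that passes this audit uses AES with a SHA-2 hash, a 2048-bit or larger DH group, a long random secret, and a PPP password that differs from it.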