MikroTik IPSEC behind FritzBox Router

Configure the Fritzbox to passthrough IPSEC ESP and UDP ports 500(ISAKMP) and 4500(NAT-T)

1. Configure the FritzBox that it allows incoming and outgoing connections for the following ports and IP protocols to your MikroTik Box/CHR :

  • ESP (“Encapsulated Security Payload”; IP protocol number 50 (no ports here!)) in most routers this is = “IPsec Passthrough”
  • UDP port 500 (ISAKMP)
  • UDP port 4500 (NAT traversal)
Bezeichnung  Protokoll  Port  an Computer  an Port 
IPSEC_ESP ESP   MikroTik  
IPSEC_ISAKMP UDP 500 MikroTik 500
IPSEC_NAT-T UDP 4500 MikroTik 4500

2. in Mikrotik configure IP > IPSEC or lookup http://www.berzek.com/2017/10/23/mikrotik-ipsec-vpn-quick-setup-a-b-c/

  • PEERS
  • POLICY
  • PROPOSAL

aniston has written 44 articles