Site-to-site IPSec between Juniper and Cisco through Mikrotik’s NAT

Site-to-site IPSec between Juniper and Cisco through Mikrotik’s NAT

Since my company has been using Cisco and Juniper network equipment we have a lot of IPSec tunnels to remote branches. To achieve some sort of high-availability we have decided to implement one of the IPSec tunnels over an LTE network.

To do so we bought Mikrotik wAP LTE kit to get connected to an LTE network and obtained a public IP address from a mobile data operator.

So.. we have:

  1. Cisco ISR in the DC with public IP address
  2. Mikrotik wAP LTE with public IP address
  3. Juniper SRX100 in the branch with private address connected to Mikrotik

Cisco ISR config

Tunnel interface:

IPSec config:


Juniper SRX config

Adding to zone and allowing IKE on the interface:


Mikrotik config


IPsec debug on SRX

To debug IPSec on Juniper you can use this commands:

Phase 1

Phase 2


Cisco Certification

I have been around networks for over 8 years and I always have had a dream to become a CCIE. Now It is time to set the GOAL and to start my journey.

So that I’ve started studying for the CCNA R&S exam and thought I would put my notes on this blog. It might be useful for me and hopefully, my notes can be helpful to someone else. These notes are based on CCNAR&S 200-125 Official Cert Guide and CBT Nuggets.