Site-to-site IPSec between Juniper and Cisco through Mikrotik’s NAT

Since my company has been using Cisco and Juniper network equipment, we have a lot of IPSec tunnels to remote branches. To achieve some sort of high availability, we have decided to implement one of the IPSec tunnels over an LTE network.

To do so, we bought a Mikrotik wAP LTE kit to get connected to an LTE network and obtained a public IP address from a mobile data operator.

So we have:

  1. Cisco ISR in the DC with a public IP address
  2. Mikrotik wAP LTE with a public IP address
  3. Juniper SRX100 in the branch with a private address, connected to the Mikrotik

Cisco ISR config

Tunnel interface:

IPSec config:


Juniper SRX config

Adding to zone and allowing IKE on the interface:


Mikrotik config


IPsec debug on SRX

To debug IPSec on Juniper you can use these commands:

Phase 1

Phase 2


Making Home Lab. Part 1

Due to a lot of experience that I have with real networking hardware, it is not mandatory to have a Home Lab to pass CCNA R&S. However, I’ve decided that it could be extremely useful for my further professional development to have a lab at home.

It is understood that there are two options:

Option 1. Buy real Cisco gear on eBay


  • real hardware


  • lack of flexibility
  • quite expensive
  • noisy
  • require a lot of space


Cisco Certification

I have been around networks for over 8 years and I have always had a dream to become a CCIE. Now it is time to set the GOAL and to start my journey.

So I’ve started studying for the CCNA R&S exam and thought I would put my notes on this blog. It might be useful for me and, hopefully, my notes can be helpful to someone else. These notes are based on the CCNA R&S 200-125 Official Cert Guide and CBT Nuggets.

Cisco native VLAN mystery revealed

Many people have trouble understanding Cisco’s native VLAN idea. Actually, it is very simple.

Let’s start with the statement that the native VLAN has two functions:

  1. It tags incoming untagged frames on trunk links with the native VLAN.
  2. It untags outgoing frames that have already been tagged with the same VLAN that is being used as the native VLAN on the trunk.