Aqui está a parte de trabalho para a configuração de ipsec do Mikrotik no modo de transporte IPSEC:
admin@MikroTik] > /ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
0 TX* group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes
1 src-address==%MIKROTIK EXTERNAL IP%/32 src-port=any dst-address=%SERVERIP%/32 dst-port=any protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no
sa-src-address=%MIKROTIK EXTERNAL IP% sa-dst-address=%SERVERIP% proposal=default priority=0
[admin@MikroTik] > /ip ipsec peer print
Flags: X - disabled, D - dynamic
0 address=%SERVERIP%/32 local-address=0.0.0.0 passive=no port=500 auth-method=pre-shared-key secret="KEY" generate-policy=no policy-template-group=default
exchange-mode=main send-initial-contact=yes nat-traversal=no proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m
dpd-maximum-failures=5