FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
365 views 1 comments
by anonymous

Hello Support,

our RUTX09 with firmware 00.01.04.5 was connected via IPSEC to a Cisco ASA.

After the upgrade to the current version 00.02.01.1, the IPSEC does not work anymore.

Debugging on Cisco ASA side (ASA is the responder), there are no packets coming: it seems the RUTX09 does not trigger the IPSEC at all.

Here the config, thank you for the support.

root@Teltonika-RUTX09:~# uci show ipsec

ipsec.@ipsec[0]=ipsec

ipsec.@ipsec[0].rtinstall_enabled='1'

ipsec.Amadori_ph1=proposal

ipsec.Amadori_ph1.encryption_algorithm='3des'

ipsec.Amadori_ph1.hash_algorithm='sha1'

ipsec.Amadori_ph1.dh_group='modp1024'

ipsec.Amadori_ph2=proposal

ipsec.Amadori_ph2.encryption_algorithm='3des'

ipsec.Amadori_ph2.hash_algorithm='md5'

ipsec.Amadori_ph2.dh_group='no_pfs'

ipsec.Amadori_c=connection

ipsec.Amadori_c.mode='start'

ipsec.Amadori_c.type='tunnel'

ipsec.Amadori_c.local_subnet='172.20.155.0/24'

ipsec.Amadori_c.remote_subnet='172.20.0.0/20 192.168.0.0/16'

ipsec.Amadori_c.remote_firewall='yes'

ipsec.Amadori_c.keyexchange='ikev1'

ipsec.Amadori_c.aggressive='no'

ipsec.Amadori_c.ikelifetime='8h'

ipsec.Amadori_c.dpdaction='none'

ipsec.Amadori_c.crypto_proposal='Amadori_ph1'

ipsec.Amadori=remote

ipsec.Amadori.enabled='1'

ipsec.Amadori.gateway='217.57.206.73'

ipsec.Amadori.authentication_method='psk'

ipsec.Amadori.pre_shared_key='********************'

ipsec.Amadori.crypto_proposal='Amadori_ph2'

ipsec.Amadori.tunnel='Amadori_c'

1 Answer

0 votes
by anonymous
Hello,

Please see the private message I sent with possible fixes.
by anonymous
I have the same problem with firmware 00.02.05.1 on a TRB140.

The device has been factory resetted after the firmware update. I manually have to do ipsec up ipsecname-ipsecname_c