by

Hello,

I want to configure an IPsec connection between a RUTX09 and a FortiGate firewall. For this I found some good manuals, so the IPsec works fine and the traffic goes through the tunnel.

Now I want to change the configuration so that the whole LAN traffic on the RUTX09 side goes into the tunnel. Therefore I activated the "Default route" option and inserted the "Local source IP" under the advanced settings.

The tunnel still comes up, but not as expected. On the FortiGate side I only see the IP address of the mobile network from the RUTX09.

What do I have to configure so that the FortiGate gets the correct routing information for the local subnet 192.168.44.0/29 from the RUTX09?

Greetings

Benjamin

1 Answer

by
Hello,

Regarding the problem you are having, from what I can see there is no problem with the RUTX09, since the communication between the devices is okay. You also mentioned that the issue you are having is about the FortiGate firewall, since it is not receiving any routes from the RUTX09. So I am guessing you missed something in the firewall rules of the FortiGate; try to review your configuration on the FortiGate side.

Here are some sample configurations for RUT9XX with FortiGate: https://we.tl/t-wI1P667LhC

Regards,
Jerome
by

Hello Jerome,

thank you for your answer. I hope the following screenshot can show my problem. As you can see, there is a successfully established IPsec tunnel with an SA. The SA is built up with the public mobile IP instead of the internal network. I expected an SA like "192.168.44.0/29 === 0.0.0.0/0". Perhaps I have to change something in the NAT or firewall configuration on the RUT?

Greetings

Benjamin

by

Hello,

Could you try this on the connection settings configuration you sent: delete / leave the local IP textbox empty and check if it solves the problem?

In the general settings, you can specify the local IP of the RUTX09.


Let me know the results

Regards,
Jerome

by

Hello Jerome,

I changed the configuration as you suggested. Now the tunnel SA looks like the following screenshot.

The goal is to use the default route option because all of the RUT's LAN traffic should go through the tunnel.

Greetings

Benjamin

by
Hello,

Could you send me a copy of the troubleshoot file of the RUTX09 so that I can check?

Regards,
Jerome
by
What's the solution?
by
I got this working on a FortiGate by setting phase2 "local addresses" to 0.0.0.0/0.0.0.0 on the FortiGate and "Remote subnet" to 0.0.0.0/0.0.0.0 on the Teltonika, and under advanced selecting "Passthrough networks = LAN".
The problem with the Teltonika device is that some functions don't work without a reboot, which makes troubleshooting harder.
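The FortiGate side of the setup described in the comment above, written out as an added FortiOS CLI example (not from the original thread, from Teltonika, or from Fortinet documentation). The phase1 interface name `rutx09` and the LAN interface name `internal` are assumptions; the phase2 remote selector, the static route and the firewall policy are added so that a wildcard 0.0.0.0/0 local selector does not also mean "accept any source from the peer", only the 192.168.44.0/29 LAN from the question.

```fortios
# Phase2 selectors: local side is 0.0.0.0/0 (as in the comment above, so the
# RUT can send its whole LAN traffic through the tunnel); the remote side is
# pinned to the RUTX09 LAN from the question. "rutx09" is an assumed phase1 name.
config vpn ipsec phase2-interface
    edit "rutx09-p2"
        set phase1name "rutx09"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 192.168.44.0 255.255.255.248
    next
end

# Address object for the RUT LAN, reused by the policy below.
config firewall address
    edit "RUTX09_LAN"
        set subnet 192.168.44.0 255.255.255.248
    next
end

# Return route: traffic for the RUT LAN goes back into the tunnel interface.
config router static
    edit 0
        set dst 192.168.44.0 255.255.255.248
        set device "rutx09"
    next
end

# Policy from the tunnel to the LAN interface ("internal" is assumed). The
# srcaddr is the RUT LAN only, not "all": the wildcard phase2 selector must
# not widen what the firewall accepts from the peer.
config firewall policy
    edit 0
        set name "rutx09-to-lan"
        set srcintf "rutx09"
        set dstintf "internal"
        set srcaddr "RUTX09_LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

If the RUT's LAN traffic should also reach the internet through the FortiGate, a second policy from `rutx09` to the WAN interface with NAT enabled is needed; `diagnose vpn tunnel list` shows the negotiated selectors so the 192.168.44.0/29 side can be checked against the RUT's SA display.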