0 votes
299 views 1 comments
by anonymous
Hi!

I have RUT950 (legacy-design). Firmware version 06.05.1.

There is an IPsec tunnel installed with Zyxel USG-50.

LAN RUT950 192.168.30.0/24

LAN USG-50 192.168.27.0/24

With an IPsec tunnel installed, there is full access between LAN networks.

An external user is connected to the Zyxel USG-50 via a mobile network via L2TP over IPsec.

An external user gets access to LAN 192.168.27.0/24 and has an internal address from subnet 192.168.110.0/24

A routing policy is configured on the USG-50, redirecting all packets from any networks to 192.168.30.0/24 in the IPsec tunnel between RUT950 and USG-50.

Thus, requests from an external user with addresses 192.168.110.0/24 to addresses 192.168.30.0/24 are routed to the tunnel.

But there is no response from RUT950, because packets from RUT950 go to the default gateway, not to the tunnel.

How to prescribe routing rules on RUT950 so that when a tunnel is installed (192.168.30.0/24 – 192.168.27.0/24), packets coming from addresses 192.168.110.0/24 were routed to the installed IPsec tunnel back to USG-50?

Do I need to make additional rules in the firewall?

Firmware RUT950 06.05.1 – due to the fact that on later versions it is not possible to install an IPsec tunnel with USG-50.

Thanks.
by anonymous

The reason is caused by the fact that video surveillance cameras are installed at a remote facility (RUT950) and they need to be connected from anywhere from a mobile phone. At the same time, WAN IP (RUT950) is a dynamic IP for the NAT of the mobile operator, which does not allow you to connect to RUT950 directly.

Clarification:

When connecting via SSH to RUT950 and running the tcpdump -i eth0 command, there are no incoming packets from USG-50 from addresses 192.168.110.0/24

Perhaps they are filtered because they do not correspond to the parameters of the installed IPsec VPN
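
Added example, not part of the original posts and not Teltonika or Zyxel code: a small Python model of policy-based IPsec traffic-selector matching as seen from the RUT950, applied to the subnets in the question and the filtering suspected in the comment above. The host addresses are constructed, and the "widened" policy, which also lists 192.168.110.0/24 as a remote subnet, is an assumption that would have to be negotiated identically on both gateways.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

class Policy:
    """One policy-based IPsec tunnel as seen from one gateway (a model)."""
    def __init__(self, local_nets, remote_nets):
        self.local = [net(n) for n in local_nets]
        self.remote = [net(n) for n in remote_nets]

    @staticmethod
    def _in(addr, nets):
        a = ipaddress.ip_address(addr)
        return any(a in n for n in nets)

    def outbound(self, src, dst):
        """Path taken by a packet leaving this gateway."""
        if self._in(src, self.local) and self._in(dst, self.remote):
            return "tunnel"
        return "default-route"   # no matching policy: normal routing applies

    def inbound(self, src, dst):
        """Fate of a decrypted packet that arrived through the tunnel."""
        if self._in(src, self.remote) and self._in(dst, self.local):
            return "accept"
        return "drop"            # outside the negotiated selectors

def round_trip(gw, client, camera):
    """Request client -> camera via the tunnel, then the camera's reply."""
    return gw.inbound(client, camera), gw.outbound(camera, client)

# Constructed hosts inside the subnets named in the post.
CLIENT = "192.168.110.10"    # L2TP user terminated on the USG-50
USG_HOST = "192.168.27.20"   # host on the USG-50 LAN
CAMERA = "192.168.30.50"     # camera on the RUT950 LAN

# Tunnel as described: 192.168.30.0/24 <-> 192.168.27.0/24 only.
current = Policy(["192.168.30.0/24"], ["192.168.27.0/24"])
# Assumption: the L2TP pool is also negotiated as a remote subnet.
widened = Policy(["192.168.30.0/24"],
                 ["192.168.27.0/24", "192.168.110.0/24"])

if __name__ == "__main__":
    for name, gw in (("current", current), ("widened", widened)):
        print(name, "LAN host :", round_trip(gw, USG_HOST, CAMERA))
        print(name, "L2TP user:", round_trip(gw, CLIENT, CAMERA))
```
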

1 Answer

0 votes
by anonymous
Hello,

Could you tell me what is the reason for configuring USG-50 to route all the traffic from external clients (192.168.110.0/24) to the RUT950 LAN (192.168.30.0/24) if this traffic then needs to be routed back to the USG-50 once RUT950 receives it?

Also, could you provide a simple network topology with specified hosts and their IP addresses for the visual aid?