subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
619 views 2 comments
by anonymous
Hi together,

as many other people here have done I tried 1:1 NAT-ing the private LAN-network of a RUT X11 (which might be a.b.c.0/24) via NETMAP, so that from outside (means via IPSec connection from IPSec-gateway side) it is seen as another network (which might be d.e.f.0/24).

This seems to work pretty well, when doing it like described here:

But now I can't access the router's webinterface over IPSec any more, which worked before. Access to webinterface of another device works.

Since I have no clue, can somebody help me or give me a hint, please? Thank you!

Best regards


3 Answers

0 votes
by anonymous


Thanks for contacting TELTONIKA | Crowd-support forum.

 LAN to LAN communication should be possible between end devices but to enable RUT to RUT communication additionally it'll be needed to install route on each device.

More information can be found here:

Best regards,

by anonymous

thank you for explaining.

However, netmapping still works, but after applying new route and routing table exactly as told accessing webinterface from VPN doesn't work, yet.

Tried with RUT X11 and newest firmware v7.01.2

Is there anything still missing?

Best regards
0 votes
by anonymous


unfortunately I still didn't get this managed 100%.

When applying configuration as told netmapping works, but after applying new route and routing table exactly as told accessing webinterface from VPN side still doesn't work.

Tried with RUT X11 and newest firmware v7.01.2.

Is there anything missing? Thank you!

Best regards


by anonymous
0 votes
by anonymous

I tried everything, again, this time with firmware 7.1.4, but didn't get further - I can access devices placed in RUT X11's LAN from VPN side but can't access RUT X11's webinterface via VPN from VPN side...

But our situation is a little bit different than in described tutorials:

We don't have two RUTs both with same LAN IP range.

We have N RUTs all with same LAN IP address range, that all are connected via one central IPSec gateway from another vendor.

So I tried to modificate the tutorial for our needs, which means I applied the described configurations only to RUT and modified the needed netmap configurations in a way that reflects, what is routed via gateway (in our case not another /24 LAN segment, but a bigger IP range like x.y.0.0/16).

So where in the example it was like 

iptables -t nat -I POSTROUTING -s -d -j NETMAP --to
iptables -t nat -I PREROUTING -s -j NETMAP --to

instead I configured

iptables -t nat -I POSTROUTING -s -d x.y.0.0/16 -j NETMAP --to
iptables -t nat -I PREROUTING -s x.y.0.0/16 -j NETMAP --to

Since generally IPsec tunnel works and netmapping also works, where is the point that should be made different?

Did I make a mistake with netmapping or has the routing update be made different?

Has anybody some clue? Thank you!