FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
5,382 views 8 comments
by

Hello!

Anyone can tell me how to configure a static routes on RUT955 ?

which adress i can used in Destination adress? which in a gateway? 

I need to configure my RUT955  to get connected from company network ( 192.168.1.0)  to remote network  (10.142.13.9)  

as figure below.

1 Answer

+1 vote
by anonymous

Hi,

If you're using IPsec on RUT955, you don't need to configure static routes.

  • Go the Services → VPN → IPsec page.
  • Click "Edit" on the IPsec instance.
  • Find the "Local IP address/Subnet mask" field and enter this: 10.142.13.9/32
  • Save the changes.
This will make the 10.142.13.9 host reachable from the other end of the IPsec tunnel.
by

Hi, thanks for your reply.

I configured RUT955  as you wrote me, but IPsec tunnel, isn't established. so i can't  reach RUT955 (before i could reach it)

IPsec tunnel was configured with 10.10.10.0 subnet in field "Local IP address/Subnet mask" ; but in this configuration i can't Ping  10.142.13.9

any suggest?

thx

by anonymous

You should specify both networks (RUT955 and what's behind it) in the "Local IP address/Subnet mask" field. Like this:

You have to click the green plus symbol to be able to add more than one network.

by

Hi thanks for your time,

i tried to configure my IPsec tunnel as you told me, but when i try to ping my remote host (10.142.13.9) both from my local host and rut 955 but i get no response.

below my rut 955 configuration and remote host ip config.

any suggest?

many thx.

by anonymous

Ok, I think I can see the full picture now. Here's what you need to do:

  • Set "Local IP address/Subnet mask" like this:
  • Set "Remote IP address/Subnet mask" like this:
Also, the IP 10.142.13.9 looks like it was set up manually (static IP). Is this true or was the IP assigned via DHCP? If it was assigned with DHCP, then all should work fine. If it's a static IP you may need to add this firewall rule in the router's Network → Firewall → Custom Rules page:
iptables -I FORWARD -s 10.142.13.9/32 -j ACCEPT
by

Hi,

i tried as you told me , but it still doesn't work. 

IP 10.142.13.9 is a static IP.

here are the screenshots.

P.S.

in custom rules: maybe i have to specify destination? correct?

by
Do yuo have any news?
by anonymous

If you don't specify a destination the rule applies to any destination, so there's no need, unless your looking to restrict something.

Your configuration looks good, I've tested it before providing my answers and it worked for me. But I did it between two RUT955s, so I can only assume that there's a mismatch with the CISCO device's configuration. But I admit I'm out of ideas. Can you answer some more questions?

  • Can you reach RUT955 with the latest configuration?
  • Does the IPsec tunnel establish correctly? You can check it with an SSH/CLI command ipsec status. If everything is correct, the output should look something like this:
Shunted Connections:
passthrough0:  10.0.0.0/8 === 10.0.0.0/8 PASS
Security Associations (1 up, 0 connecting):
        Demo[1]: ESTABLISHED 1 second ago, Your_wan_ip[10.10.10.10]...Cisco_endpoint_wan_ip[192.168.1.1]
        Demo{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c590f2a0_i cefb6f59_o
        Demo{1}:   192.168.1.0/24 === 10.0.0.0/8
  • If not, try restarting IPsec by using these two commands one after the other: 
    • ipsec stop
    • ipsec start
  • Then check the status again.
  • Can you provide the Troubleshoot file from the router? It can be downloaded from the WebUI, System → Administration → Troubleshoot page.
  • Can you provide a tcpdump file from the router? It can also be downloaded from the same page. However, you have to enable tcpdump before it starts gathering information. After you enable, don't download it instantly. Try to connect via IPsec first. (If IPsec is down, try the commands I listen earlier.)
If you're unfamiliar with SSH/CLI, you can find a comprehensive guide here. Using commands is simple. You just login, type the command and press "Enter".
by
Hi, thanks for your time.

I tried to do what you told me; i'm sending you all in private message.

Regards