Question

Hello!

Anyone can tell me how to configure a static routes on RUT955 ?

which adress i can used in Destination adress? which in a gateway? 

I need to configure my RUT955  to get connected from company network ( 192.168.1.0)  to remote network  (10.142.13.9)  

as figure below.

Answer 1

Hi,

If you're using IPsec on RUT955, you don't need to configure static routes.

• Go the Services → VPN → IPsec page.
• Click "Edit" on the IPsec instance.
• Find the "Local IP address/Subnet mask" field and enter this: 10.142.13.9/32
• Save the changes.

This will make the 10.142.13.9 host reachable from the other end of the IPsec tunnel.

Comments

Hi, thanks for your reply.

I configured RUT955  as you wrote me, but IPsec tunnel, isn't established. so i can't  reach RUT955 (before i could reach it)

IPsec tunnel was configured with 10.10.10.0 subnet in field "Local IP address/Subnet mask" ; but in this configuration i can't Ping  10.142.13.9

any suggest?

thx

---

You should specify both networks (RUT955 and what's behind it) in the "Local IP address/Subnet mask" field. Like this:

You have to click the green plus symbol to be able to add more than one network.

---

Hi thanks for your time,

i tried to configure my IPsec tunnel as you told me, but when i try to ping my remote host (10.142.13.9) both from my local host and rut 955 but i get no response.

below my rut 955 configuration and remote host ip config.

any suggest?

many thx.

---

Ok, I think I can see the full picture now. Here's what you need to do:

• Set "Local IP address/Subnet mask" like this:

• Set "Remote IP address/Subnet mask" like this:

Also, the IP 10.142.13.9 looks like it was set up manually (static IP). Is this true or was the IP assigned via DHCP? If it was assigned with DHCP, then all should work fine. If it's a static IP you may need to add this firewall rule in the router's Network → Firewall → Custom Rules page:

iptables -I FORWARD -s 10.142.13.9/32 -j ACCEPT

---

Hi,

i tried as you told me , but it still doesn't work. 

IP 10.142.13.9 is a static IP.

here are the screenshots.

P.S.

in custom rules: maybe i have to specify destination? correct?

---

Do yuo have any news?

---

If you don't specify a destination the rule applies to any destination, so there's no need, unless your looking to restrict something.

Your configuration looks good, I've tested it before providing my answers and it worked for me. But I did it between two RUT955s, so I can only assume that there's a mismatch with the CISCO device's configuration. But I admit I'm out of ideas. Can you answer some more questions?

• Can you reach RUT955 with the latest configuration?
• Does the IPsec tunnel establish correctly? You can check it with an SSH/CLI command ipsec status. If everything is correct, the output should look something like this:

Shunted Connections:

passthrough0:  10.0.0.0/8 === 10.0.0.0/8 PASS

Security Associations (1 up, 0 connecting):

        Demo[1]: ESTABLISHED 1 second ago, Your_wan_ip[10.10.10.10]...Cisco_endpoint_wan_ip[192.168.1.1]

        Demo{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c590f2a0_i cefb6f59_o

        Demo{1}:   192.168.1.0/24 === 10.0.0.0/8

• If not, try restarting IPsec by using these two commands one after the other: 
  • ipsec stop
  • ipsec start
• Then check the status again.
• Can you provide the Troubleshoot file from the router? It can be downloaded from the WebUI, System → Administration → Troubleshoot page.
• Can you provide a tcpdump file from the router? It can also be downloaded from the same page. However, you have to enable tcpdump before it starts gathering information. After you enable, don't download it instantly. Try to connect via IPsec first. (If IPsec is down, try the commands I listen earlier.)

If you're unfamiliar with SSH/CLI, you can find a comprehensive guide here. Using commands is simple. You just login, type the command and press "Enter".

---

Hi, thanks for your time.

I tried to do what you told me; i'm sending you all in private message.

Regards