We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,173 views 2 comments
by anonymous

Hello Everyone, 

I'm trying to set up an IPsec connection between two RUT240s. I chose "aggressive mode" because I don't have a public static IP address on the second router.

The first one is behind my office router, where I've opened ports 500, 4500 and 1701 in UDP mode.
I've connected my router to the Teltonika WAN port and assigned this device the static IP where the NAT is working, but the IPsec connection doesn't work.

Below I report my settings; can anyone tell me what's wrong?
Thanks a lot

Router 1

Enable = yes (flag)
IKE Version = IKEv1
Mode = aggressive
Type = Tunnel
My identifier type = FQDN
My identifier = (blank)
Local ip address/Subnet Mask = 192.168.2.0/24 (because WAN is 192.168.1.x and LAN is 192.168.2.x)
Left firewall = yes (flag)
Force Encapsulation = no (no flag)
Dead peer detect = no (no flag)
Pre shared key = password
Remote VPN endpoint = (blank)
Remote ip address/Subnet mask = 192.168.3.0/24
Right firewall = yes (flag)
Enable keep alive = yes (flag)
Host = 192.168.3.1
Ping period (sec) = blank
Allow WebUI access = no (no flag)

Phase 1

Encryption algorithm = 3DES
Authentication = SHA1
DH Group = MODP1536
Lifetime (h) = 8

Phase 2

Encryption algorithm = 3DES
Authentication = SHA1
DH Group = MODP1536
Lifetime (h) = 8

Router 2

Enable = yes (flag)
IKE Version = IKEv1
Mode = aggressive
Type = Tunnel
My identifier type = FQDN
My identifier = (blank)
Local ip address/Subnet Mask = 192.168.3.0/24 
Left firewall = yes (flag)
Force Encapsulation = no (no flag)
Dead peer detect = no (no flag)
Pre shared key = password
Remote VPN endpoint = Public ip address of my office router
Remote ip address/Subnet mask = 192.168.2.0/24
Right firewall = yes (flag)
Enable keep alive = yes (flag)
Host = 192.168.2.1
Ping period (sec) = blank
Allow WebUI access = no (no flag)

Phase 1

Encryption algorithm = 3DES
Authentication = SHA1
DH Group = MODP1536
Lifetime (h) = 8

Phase 2

Encryption algorithm = 3DES
Authentication = SHA1
DH Group = MODP1536
Lifetime (h) = 8

1 Answer

0 votes
by anonymous

Hi,

Have you set up port forwarding for IPsec on your router (Public ip address of my office router)?

by
Hi, I've done a port forward from my router to the WAN IP address I've assigned to the first Teltonika.

Ports 500 UDP, 4500 UDP, 1701 UDP to 192.168.1.52, which is the address assigned to the Teltonika.
by anonymous
If you can, send (directly to me) troubleshoot packages from both routers when the issue appears.