IPsec Tunnel between RUT241 and Sophos UTM 9

NETWORKING SOLUTIONS
1

Hello

I need to set up an IPsec Tunnel between a Teltonik RUT241 and a Sophos UTM 9. I tried different configurations but I can’t establishe the tunnel.

I always get the error on Sophos UTM “Peer ID is ID_FQDN: ‘IP’” or on Teltonika “13[IKE] received INVALID_ID_INFORMATION error notify”

You can’t find my configuration.

2024-01-29 10_28_14-Dormakaba Laptop - TeamViewer
2024-01-29 10_28_14-Dormakaba Laptop - TeamViewer962×263 28.1 KB

2024-01-29 10_28_04-Dormakaba Laptop - TeamViewer
2024-01-29 10_28_04-Dormakaba Laptop - TeamViewer892×435 39.6 KB

image

Thank you!

3

Hello,

So is public ip accessible from both side?
That error can be caused from different situation. Probably there is an error, when negotiating between network announcements appear.
I did mention you didn`t fill up, the fields on your RUT device, where is remote subnet is not set:

image
image731×155 28.9 KB

image
image877×252 28.9 KB

And on the side of Sophos, check if there is all correct!

So generally on RUT remote subnet – means local private or real IP just to provide tunnel peer identification by addressing virtual interfaces for the booth side of the tunnel, remember IP addresses should be from the same subnet for both sides, those ip work as an identifier, like a number of doors where located some resources, mostly used when you build some dynamic routing announcement like OSPF or BGP.

You can set your tunnel with operation mode Type: Transport, in this case, you don`t need to provide IP on the tunnel sides:

image
image974×202 24.6 KB

Also if you can to share with me logs from your device:
Here you can find how to download logs, System->Troubleshoot, which you can find here:

image
image1018×590 30.5 KB

Kind Regads

4

Hello

Thank you for your reply. I managed to build up a site-to-site tunnel between the Teltonika RUT241 and Sophos UTM.

But the tunnel only lasts 40s and after that it changes to “Disconnected”. I tried to figure out the problem but I couldn’t find a solution.

I always get this message “received ModeCfg message when in state STATE_MAIN_I4, and we aren’t mode config client” in the Sophos UTM. After this message the connection disappear.

On the Sophos UTM the site-to-site tunnel is still connected but on the Teltonika Router is the status “Disconnected”.

I have the logs, but I can’t attach them to this reply.

best regards,
Belma

5

Hello,

When you reply with message, here you can upload file, with using this function in top
image

Also remove any personal or sensitive information from log files.

Kind Regards

6

This topic was automatically closed after 15 days. New replies are no longer allowed.