Route Based IPSec tunnel between RUT 240 and Juniper

Hi,

I was hoping to get some guidance on a routing issue that I’m having with the Teltonika RUT 240 device.

We establish IPSec tunnels in bulk between Juniper SRX and other Junipers and Fortigates.

This is the first time we’re using Teltonika kit to terminate the tunnel on.

It’s a route based tunnel.

As far as I can see, the tunnel is UP but I can’t seem to ping the tunnel end IP of Teltonika.

Juniper: 172.18.18.246
Teltonika: 172.18.18.247

Interestingly, I can ping Juniper’s tunnel address from Teltonika but not the other way around.

We’re also trying to establish BGP over this tunnel interface but are unable to do so.

The reason is Teltonika isn’t responding to TCP_SYN packets from Juniper.

Any help would be appreciated.

Happy to share the config.

Regards,
Raman

Hello Raman,

Welcome to the Teltonika Community :smiley:

The usual culprit in these scenarios is the firewall. While testing, we make sure that the firewall is turned off for the PC connected to the Teltonika device.

Also, ensure that the IPSec configurations on both sides (Juniper and Teltonika) match, including encryption, authentication, and phase settings. Verify that the tunnel is UP on both ends.

It is hard to picture the topology here. Can you kindly provide the topology that you are following?

Also, are you able to do the same with Fortigate, and does the issue persist when our device is connected to Juniper devices?

Kindly let us know if you have any queries.

Thanks

Hello Rashid,

Thanks for the response.

The tunnel is UP.

Packets are coming in but can’t get out.

Definitely sounds like a firewall issue on RUT240.

I’m just testing from the Teltonika device and not from a device connected behind it.

Topology is pretty straightforward.

RUT is connected to ISP and all traffic is allowed IN and OUT.

Other end is a Juniper SRX that resides at a DC.

I think the issue might be with the virtual tunnel interface as well.

We have a point-2-point private subnet for virtual tunnel interface.

Shall I extract the ‘Troubleshoot file’ under System > Troubleshoot?

Regards,
Raman

Hi Rtiwana,
Sure, that would be really helpful. Could you please send the configuration and troubleshooting files?

Best Regards
