RUT240 IPsec connection

Hello, my first problem:
I want to add RUT240 devices to a MikroTik RouterOS and Palo Alto network.
I use IPsec site-to-site connections with X.509 certificates and NAT-Traversal.
Connecting to Palo Alto IPsec works, but here I have to enter the remote network with the destination address 0.0.0.0/0. I would like it if 172.16.10.50 could access the Internet from my LAN network, which has an address such as 172.16.10.0/24. Since 0.0.0.0/0 is the address of the IPsec channel, all traffic goes into the tunnel. But I want this IP address 172.16.10.50 to go into the tunnel and out to the Internet. What do I need to do?

Second problem:
I would like another LAN range for the RUT240, e.g. 172.29.10.0/24, and I want all these addresses to go through the RouterOS IPsec channel.
Unfortunately, the RouterOS IPsec channel does not work. I didn’t figure out why. Its settings are very similar to my Palo Alto configuration.

This is the RouterOS IPsec log from the RUT240:
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 07[ENC] <rut-rut_c|49> initiating Main Mode IKE_SA rut-rut_c[49] to x.x.x.x
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 07[ENC] <rut-rut_c|49> generating ID_PROT request 0 [ SA V V V V V ]
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 07[NET] <rut-rut_c|49> sending packet: from x.x.x.1[500] to x.x.x.x[500] (248 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[NET] <rut-rut_c|49> received packet: from x.x.x.x[500] to x.x.x.1[500] (160 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[ENC] <rut-rut_c|49> parsed ID_PROT response 0 [ SA V V V V ]
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[IKE] <rut-rut_c|49> received NAT-T (RFC 3947) vendor ID
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[IKE] <rut-rut_c|49> received XAuth vendor ID
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[IKE] <rut-rut_c|49> received DPD vendor ID
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[IKE] <rut-rut_c|49> received FRAGMENTATION vendor ID
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[CFG] <rut-rut_c|49> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[ENC] <rut-rut_c|49> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[NET] <rut-rut_c|49> sending packet: from x.x.x.1[500] to x.x.x.x[500] (308 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 16[NET] <rut-rut_c|49> received packet: from x.x.x.x[500] to x.x.x.1[500] (300 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 16[ENC] <rut-rut_c|49> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[IKE] <rut-rut_c|49> sending cert request for “CN=x.x.x.x”
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[IKE] <rut-rut_c|49> sending cert request for “CN=x.x.x.x”
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[IKE] <rut-rut_c|49> sending cert request for “CN=ca”
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[IKE] <rut-rut_c|49> authentication of ‘CN=rutnet1_client76’ (myself) successful
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[ENC] <rut-rut_c|49> generating ID_PROT request 0 [ ID SIG CERTREQ CERTREQ CERTREQ N(INITIAL_CONTACT) ]
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
Wed Dec 11 14:10:15 2024 daemon.info ipsec: 07[IKE] <rut-rut_c|49> sending retransmit 1 of request message ID 0, seq 3
Wed Dec 11 14:10:15 2024 daemon.info ipsec: 07[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
Wed Dec 11 14:10:20 2024 daemon.info ipsec: 11[NET] <rut-rut_c|49> received packet: from x.x.x.x[4500] to x.x.x.1[4500] (300 bytes)
Wed Dec 11 14:10:20 2024 daemon.info ipsec: 11[IKE] <rut-rut_c|49> received retransmit of response with ID 0, but next request already sent
Wed Dec 11 14:10:22 2024 daemon.info ipsec: 07[IKE] <rut-rut_c|49> sending retransmit 2 of request message ID 0, seq 3
Wed Dec 11 14:10:22 2024 daemon.info ipsec: 07[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
Wed Dec 11 14:10:30 2024 daemon.info ipsec: 09[NET] <rut-rut_c|49> received packet: from x.x.x.x[4500] to x.x.x.1[4500] (300 bytes)
Wed Dec 11 14:10:30 2024 daemon.info ipsec: 09[IKE] <rut-rut_c|49> received retransmit of response with ID 0, but next request already sent
Wed Dec 11 14:10:35 2024 daemon.info ipsec: 10[IKE] <rut-rut_c|49> sending retransmit 3 of request message ID 0, seq 3
Wed Dec 11 14:10:35 2024 daemon.info ipsec: 10[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
Wed Dec 11 14:10:40 2024 daemon.info ipsec: 12[NET] <rut-rut_c|49> received packet: from x.x.x.x[4500] to x.x.x.1[4500] (300 bytes)
Wed Dec 11 14:10:40 2024 daemon.info ipsec: 12[IKE] <rut-rut_c|49> received retransmit of response with ID 0, but next request already sent

Could you help me solve the problem?
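As an added example (not part of the original post, and not Teltonika, MikroTik or strongSwan code), the script below walks strongSwan (charon) log lines like the ones pasted above and turns them into a per-IKE_SA summary: which UDP ports each side used, the last Main Mode request generated, how often it was retransmitted, how often the peer merely re-sent its earlier response, and whether the SA was ever established. From that it reports two things a defender would want flagged: the stall after the NAT-T float to UDP 4500 (the peer keeps repeating its KE response, so the ID/SIG request never reached or was never processed by it), and the legacy algorithms in the negotiated proposal. The sample log, the `LEGACY_ALGS` policy list and the `SaReport`/`analyze` names are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample input: an abridged copy of the strongSwan log excerpt in the post,
# same events in the same order; x.x.x.x / x.x.x.1 are the post's own placeholders.
SAMPLE_LOG = """\
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 07[ENC] <rut-rut_c|49> initiating Main Mode IKE_SA rut-rut_c[49] to x.x.x.x
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 07[NET] <rut-rut_c|49> sending packet: from x.x.x.1[500] to x.x.x.x[500] (248 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[NET] <rut-rut_c|49> received packet: from x.x.x.x[500] to x.x.x.1[500] (160 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[IKE] <rut-rut_c|49> received NAT-T (RFC 3947) vendor ID
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[CFG] <rut-rut_c|49> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 06[NET] <rut-rut_c|49> sending packet: from x.x.x.1[500] to x.x.x.x[500] (308 bytes)
Wed Dec 11 14:10:10 2024 daemon.info ipsec: 16[NET] <rut-rut_c|49> received packet: from x.x.x.x[500] to x.x.x.1[500] (300 bytes)
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[IKE] <rut-rut_c|49> authentication of 'CN=rutnet1_client76' (myself) successful
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[ENC] <rut-rut_c|49> generating ID_PROT request 0 [ ID SIG CERTREQ CERTREQ CERTREQ N(INITIAL_CONTACT) ]
Wed Dec 11 14:10:11 2024 daemon.info ipsec: 16[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
Wed Dec 11 14:10:15 2024 daemon.info ipsec: 07[IKE] <rut-rut_c|49> sending retransmit 1 of request message ID 0, seq 3
Wed Dec 11 14:10:15 2024 daemon.info ipsec: 07[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
Wed Dec 11 14:10:20 2024 daemon.info ipsec: 11[NET] <rut-rut_c|49> received packet: from x.x.x.x[4500] to x.x.x.1[4500] (300 bytes)
Wed Dec 11 14:10:20 2024 daemon.info ipsec: 11[IKE] <rut-rut_c|49> received retransmit of response with ID 0, but next request already sent
Wed Dec 11 14:10:22 2024 daemon.info ipsec: 07[IKE] <rut-rut_c|49> sending retransmit 2 of request message ID 0, seq 3
Wed Dec 11 14:10:22 2024 daemon.info ipsec: 07[NET] <rut-rut_c|49> sending packet: from x.x.x.1[4500] to x.x.x.x[4500] (444 bytes)
"""

LINE_RE = re.compile(r"ipsec: \d+\[[A-Z]+\] <(?P<sa>[^>]+)> (?P<msg>.*)$")
SENT_RE = re.compile(r"sending packet: from \S+\[(?P<port>\d+)\] to")
RECV_RE = re.compile(r"received packet: from \S+\[(?P<port>\d+)\] to")
PROPOSAL_RE = re.compile(r"selected proposal: IKE:(?P<alg>\S+)")
REQUEST_RE = re.compile(r"generating \S+ request \d+ \[ (?P<payloads>.*) \]")

# Assumed local policy: IKE algorithms that should no longer be negotiated.
LEGACY_ALGS = {"DES_CBC", "3DES_CBC", "MODP_768", "MODP_1024", "MODP_1536"}


@dataclass
class SaReport:
    sa: str
    proposal: list[str] = field(default_factory=list)
    sent_ports: Counter = field(default_factory=Counter)   # UDP source port -> packets sent
    recv_ports: Counter = field(default_factory=Counter)   # UDP dest port -> packets received
    last_request: str = ""          # payload list of the last request we generated
    request_retransmits: int = 0    # "sending retransmit N of request ..."
    stale_responses: int = 0        # peer re-sent an old response after our next request
    established: bool = False

    def findings(self) -> list[str]:
        out = []
        legacy = sorted(LEGACY_ALGS.intersection(self.proposal))
        if legacy:
            out.append(f"legacy IKE algorithms negotiated ({', '.join(legacy)}); "
                       "prefer AES and a DH group of at least MODP_2048 on both peers")
        if not self.established and self.request_retransmits:
            if self.sent_ports[4500] and self.stale_responses:
                out.append(
                    f"Main Mode stalled after NAT-T float to UDP 4500: request [{self.last_request}] "
                    f"retransmitted {self.request_retransmits}x while the peer re-sent its earlier "
                    f"response {self.stale_responses}x, so it never processed our packet; confirm UDP "
                    "4500 is allowed and forwarded towards the peer and check the peer's own log")
            else:
                out.append(f"request [{self.last_request}] retransmitted "
                           f"{self.request_retransmits}x without a reply")
        return out


def analyze(log_text: str) -> dict[str, SaReport]:
    """Group charon log lines by <conn|id> and collect the state needed for findings()."""
    reports: dict[str, SaReport] = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        r = reports.setdefault(m["sa"], SaReport(m["sa"]))
        msg = m["msg"]
        if (p := SENT_RE.search(msg)):
            r.sent_ports[int(p["port"])] += 1
        elif (p := RECV_RE.search(msg)):
            r.recv_ports[int(p["port"])] += 1
        elif (p := PROPOSAL_RE.search(msg)):
            r.proposal = p["alg"].split("/")
        elif (p := REQUEST_RE.search(msg)):
            r.last_request = p["payloads"]
        elif msg.startswith("sending retransmit"):
            r.request_retransmits += 1
        elif msg.startswith("received retransmit of response"):
            r.stale_responses += 1
        elif "IKE_SA" in msg and "established" in msg:
            r.established = True
    return reports


if __name__ == "__main__":
    for sa, rep in analyze(SAMPLE_LOG).items():
        print(f"{sa}: sent {dict(rep.sent_ports)} received {dict(rep.recv_ports)}")
        for finding in rep.findings():
            print("  -", finding)
```

Run it against the full log from the RUT240 (or `logread -e ipsec` output with the same format) to see at a glance whether packets on UDP 4500 are answered at all; in the excerpt above every packet received after the port float is the peer's old response, which is the signature of the third Main Mode exchange being dropped somewhere between the two endpoints rather than rejected by the responder.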
