RUTX50 IPSEC Multiple remote subnets

Hi all,

IPSec tunnel between RUTX50 and Prisma.
A couple of local networks 10.176.x.x, Remote networks 10.0.0.0/8 and 100.64.0.0/10.
Compatibility mode on, Passthrough configured.

The problem is that only one supernet works at a time. Either 10 or 100. Not from both at the same time.

swanctl -l shows only one remote subnet. The one that works.

What am I missing here?

Hi, @daccor

Welcome to the community. :sunglasses:

Can you check your IPsec routes? Are they not overriding one another?

Sample command to type at cli:

command: swanctl --list-sas | grep remote

Result:

remote '192.168.7.1' @ 1.2.3.4[4500]
remote 192.168.7.0/25
remote 192.168.154.0/25

Hi @Marcelo.Barros;

Thanks for the warm welcome. Long time lurker here.

swanctl --list-sas | grep remote shows only one remote network, even though two remote subnets are configured on the IPSec tunnel :thinking:.

Edit..
Well.. it showed both after I made a small change on the IPSec tunnel and clicked save and apply. But after reboot it only shows the first one… Same with local networks.. why is it doing that?
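An added example, not part of any post in this thread: a small POSIX shell check that reads `swanctl --list-sas` output and prints each expected remote subnet that is not installed, so the check can be repeated after every reboot or save. The function names and the sample output are constructed for illustration, modelled on the sample result quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Feed `swanctl --list-sas` output on
# stdin and pass the remote subnets you expect to see as arguments.

# Print every CIDR found on a "remote" line, one per line, de-duplicated.
# The IKE peer line (remote 'id' @ ip[port]) carries no CIDR and is skipped;
# several selectors on one line are all picked up.
installed_remote_ts() {
    grep -E '^[[:space:]]*remote[[:space:]]' |
        grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}' |
        sort -u
}

# Print the expected subnets that are absent from the installed SAs.
# Returns 0 when all are present, 1 when at least one is missing.
missing_remote_ts() {
    installed=$(installed_remote_ts)
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$installed" | grep -qxF "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the state described after a reboot, where only the
# first remote subnet is listed. The local subnet is a made-up value.
sample_sas() {
    cat <<'EOF'
  local  '192.168.1.1' @ 5.6.7.8[4500]
  remote '192.168.7.1' @ 1.2.3.4[4500]
    local  192.168.1.0/24
    remote 192.168.7.0/25
EOF
}

# Demo on the sample; on the router the input would be:
#   swanctl --list-sas | missing_remote_ts <subnet> <subnet> ...
sample_sas | missing_remote_ts 192.168.7.0/25 192.168.154.0/25 || true
```

A non-empty result means the configuration and the negotiated traffic selectors disagree, which is the symptom reported here.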

And are your networks not overlapping?


Well.. now when you say it. Local and remote are overlapping. Is there any way to make swanctl work in this configuration?

Hello, @daccor,

Thanks for reaching out!

Based on your description, the IPSec tunnel is successfully established, however only one remote subnet appears to be active at a time, while the other is not being used.

To help us investigate further, could you please clarify the following:

  1. What firmware version is currently installed on your RUTX50?
  2. On the remote device (e.g., Prisma), do you see separate IPSec connections for each subnet, or only one active connection?
  3. Does the issue persist if you configure separate IPSec tunnels for each subnet pair?
  4. Are both subnets configured the same way on the remote (Prisma) side?

Kind regards,
V.

Hi Vilius,

  1. RUTX_R_00.07.21.3
  2. Only one active connection
  3. I would say so. When two IPSec tunnels are configured on Teltonika with the only difference being the remote subnets, only one gets established.
  4. On the Prisma side, the only thing we configure for the tunnel is remote subnets, which in this case are 10.176.186.x. I have found an error there and have asked for correction.

Will report back shortly.

first screen… you have some networks… /25 and /27

second screen… you have a super net /8 overlapping everything!

also… overlapping /10

Hello,

For troubleshooting purposes, we will require more sensitive information from your end, such as the troubleshoot file, which may contain passwords, public IP addresses, serial numbers, and such. To avoid leaking this information, we have sent you a form to fill out, which you will receive in your e-mail inbox that you have registered your account with in the forums. In the Ticket ID field of the form, please enter the ID of this thread, which is 18910.

Please let me know once you have filled out the form.

Thank you,
V.

Hi Marcelo,

You are right to some degree. We have over 1000 sites. All using 10.x.
10.0.0.0/8 is overlapping everything, this is true; however, this setup works with other products. /10 is not overlapped as it is 100.x

Hi Vilius, The form is filled.

Hi Vilius,

Did you get the troubleshooting files?

Hello,

I can confirm that I have received the file, I will keep you updated once I have more information on the matter.

Best regards,
V.

Hi Vilius,

Any updates on this?