Cannot establish TLS connection over TCP for MongoDB

Hi, we are trying to setup ingressgateway to receive TLS connection at our LoadBalancer and then connect to MongoDB using TLS termination but failed. The purpose is we want to let client access the DB with domain name.

We have tried to connect to MongoDB without TLS, just TCP and it works fine. And also we have tried the simple httpbin with secure gateway (HTTPS) https://istio.io/docs/tasks/traffic-management/ingress/secure-ingress-mount/
It works fine also.

Expectation: Client can establish connection to MongoDB using domain name.

What could be wrong from my configuration?

Gateway connection:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mongo-gateway
  namespace: mongo-test
spec:
  selector:
    istio: ingressgateway 
  servers:
  - port:
      number: 31402
      name: mgo2
      protocol: TLS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
     - "*.example.com"

Virtual Service

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: v1m2-mongodb
  namespace: mongo-test
spec:
  hosts:
  - "mongodb.example.com"
  gateways:
  - mongo-gateway
  tcp:
  - match:
    route:
    - destination:
        host: v1m2-mongodb
        port:
          number: 27018

AKS with kube v.1.12
Istio 1.2.0