RED tunnel can't reconnect automatically

Dear All,
Our customer's branch is in China.
China blocks IPsec VPN to the rest of the world, so we built the site-to-site VPN with a RED tunnel between the head and branch offices.

The RED protocol works great.
But the RED tunnel will not reconnect automatically when the connection fails.
We can only restart the connection manually...

Any suggestions?

  • Can you tell us which site causes this issue? XG or RED?

    Do you see the RED trying to connect to the XG and failing or is there simply "nothing" in the RED log on XG? 

    Did you perform a dump on Port 3410 and Port 3400 while this issue occurs? 

  • In reply to LuCar Toni:

    Both sites use XG appliances.

    HeadOffice is XG210 (SFOS 16.05.8 MR-8),

    BranchOffice is XG115 (SFOS 17.1.3 MR-3).


    When the RED connection fails, the connection status still shows "Uplink IP: XXX.XXX.XXX.XXX" on HeadOffice's XG.

    I need to stop the RED and start it again to make the connection actually work.

    Any suggestions?

     

  • In reply to ShunzeLee:

    Found this in a KB:

    "

    If you see the tunnel constantly going up and down you may need to disable hardware acceleration.

    Logon to the console of the XG and issue the following commands.

    • console> system firewall-acceleration show
    This command will show whether or not hardware acceleration is enabled.
    • console> system firewall-acceleration disable
    This command disables the hardware acceleration and should stop the RED tunnel from disconnecting.

    "


    KB: https://community.sophos.com/kb/en-us/126454

  • In reply to Mark Darvell:

    Thanks for the reply.

    But the RED status always shows "Uplink"; it does not go up and down.

    It should be a different issue.

  • In reply to ShunzeLee:

    I would suggest updating this V16 appliance. You are a couple of bug fixes behind...

  • Verify both are on SFOS 17.x as was said, verify ISP equipment firewalling is not interfering, verify both are on the latest RED firmware at the backup & firmware >> pattern updates screen, and review the /log/red.log + /log/syslog.log + /log/networkd.log file contents at the time of the problems.

  • In reply to momentum:

    Thanks for the reply.

    The issue hasn't happened again.

    So maybe it is a special case.