Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 2 subscribers
  • Views 6434 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED estimates tunnel but no traffic throuh tunnel

tkaufi
Hi guys,

We´re using UTM220 Cluster and for testing issues an UTM Software with 9.103-5.

Now we want to use RED devices for smaller remote sites. Having a RED Config set up and connected the RED on an external line. The RED came up, connected to the UTM Software, got a Firmware Update from the UTM, and build up the tunnel. All 4 LEDs are green.

But i cant establish a link to a device beyond the RED. The Astaro/Sophos partner, where we bought the RED, said that the config is ok and should work.

After a while, the RED disconnects the tunnel and build it up again. This happens then every few minutes
So the questions:

1) Is there a mangle of having the correct licenses? (we have all except basic guard). But if its a mangle, why the UTM allows activating RED
2) Could it be that a second firewall (packet filter) between the provider router and the UTM blocks something. But why connect the RED to the UTM?


Regards
Thomas


This thread was automatically locked due to age.
  • 0
    Do you used the RED wizard?

    Do you have an Interface with the reds1 connected?
    Please provide a Dashboard Interface Screenshot.

    Sven

    Astaro user since 2001 - Astaro/Sophos Partner since 2008

  • 0
    hi Sven,

    we opened an case at astaro directly.
    i´ll post if there is an solution

    CU
    Thomas
  • 0 in reply to tkaufi
    Hi


    i´ll post if there is an solution


    any luck in finding solution for this issue?
    I am having the same one (UTM 220 with 9.107-33 software and RED 10)
    UTM and RED diodes are showing that the tunnel is UP but no traffic is going through the tunnel

    Regards,
    Jack
  • 0 in reply to bompel
    Hello,

    the same problem... we have a sophos 320 UTM Cluster and 1 RED 10. The Wizard for configuring the RED works fine. After plugging the RED in the Router at the Branch Office the Tunnel will be established. I can Ping in both directions. But no Traffic is possible (VPN, HTTP etc.) I know that the Goal is Reachable. Got anybody a Step by Step Guide that will show the single Steps for my UTM Settings to install a RED?

    Greets from Munich.

    PMIT
  • 0 in reply to PMIT
    Hi all,
    same problem now here with 9.109 :

    No in-tunnel frame for 60 seconds, exiting.
    id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A30000*********
    A30000********* is disconnected.

    Then ist disconnects it reconnects but no traffic through tunnel

    has anyone a solution for this till now?

    Thanks
    Firebear
  • 0
    Firebear,

    How about showing us the Wireless Protection log after you power-cycle the RED until the disconnect/reconnect that blocks traffic?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi BAlfson,

    why the Wireless Protection Log? I think its the RED Log.


    2014:03:17-09:40:07 fw002 red_server[30850]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A30000******xx" forced="0"
    2014:03:17-09:40:07 fw002 red_server[30850]: A30000******xx: PING remote_tx=0 local_rx=0 diff=0
    2014:03:17-09:40:07 fw002 red_server[30850]: A30000******xx: PONG local_tx=0
    2014:03:17-09:40:24 fw002 red_server[30850]: A30000******xx: command 'PING 1'
    2014:03:17-09:40:24 fw002 red_server[30850]: A30000******xx: PING remote_tx=1 local_rx=0 diff=1
    2014:03:17-09:40:24 fw002 red_server[30850]: A30000******xx: PONG local_tx=1
    2014:03:17-09:40:40 fw002 red_server[30850]: A30000******xx: command 'PING 2'
    2014:03:17-09:40:40 fw002 red_server[30850]: A30000******xx: PING remote_tx=2 local_rx=0 diff=2
    2014:03:17-09:40:40 fw002 red_server[30850]: A30000******xx: PONG local_tx=2
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx: No in-tunnel frame for 60 seconds, exiting.
    2014:03:17-09:41:01 fw002 red_server[30850]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A30000******xx" forced="0"
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx is disconnected.
    2014:03:17-09:41:07 fw002 red_server[30954]: SELF: New connection from ***.***.***.*** with ID A30000******xx (cipher RC4-SHA), rev1
    2014:03:17-09:41:07 fw002 redctl[30956]: key length: 32
    2014:03:17-09:41:07 fw002 redctl[30957]: key length: 32
    2014:03:17-09:41:07 fw002 red_server[30954]: A30000******xx: connected OK, pushing config
    2014:03:17-09:41:15 fw002 red_server[30954]: A30000******xx: command 'PING 0'
    2014:03:17-09:41:15 fw002 red_server[30954]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A30000******xx" forced="0"
    2014:03:17-09:41:15 fw002 red_server[30954]: A30000******xx: PING remote_tx=0 local_rx=0 diff=0
    2014:03:17-09:41:15 fw002 red_server[30954]: A30000******xx: PONG local_tx=0
    2014:03:17-09:41:31 fw002 red_server[30954]: A30000******xx: command 'PING 1'
    2014:03:17-09:41:31 fw002 red_server[30954]: A30000******xx: PING remote_tx=1 local_rx=0 diff=1
    2014:03:17-09:41:31 fw002 red_server[30954]: A30000******xx: PONG local_tx=1
    2014:03:17-09:41:47 fw002 red_server[30954]: A30000******xx: command 'PING 2'
    2014:03:17-09:41:47 fw002 red_server[30954]: A30000******xx: PING remote_tx=2 local_rx=0 diff=2
    2014:03:17-09:41:47 fw002 red_server[30954]: A30000******xx: PONG local_tx=2
    2014:03:17-09:42:08 fw002 red_server[30954]: A30000******xx: No in-tunnel frame for 60 seconds, exiting.
    2014:03:17-09:42:08 fw002 red_server[30954]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A30000******xx" forced="0"
    2014:03:17-09:42:08 fw002 red_server[30954]: A30000******xx is disconnected.
    2014:03:17-09:42:14 fw002 red_server[31026]: SELF: New connection from ***.***.***.*** with ID A30000******xx (cipher RC4-SHA), rev1
    2014:03:17-09:42:14 fw002 redctl[31028]: key length: 32
    2014:03:17-09:42:14 fw002 redctl[31029]: key length: 32
    2014:03:17-09:42:14 fw002 red_server[31026]: A30000******xx: connected OK, pushing config
    2014:03:17-09:42:22 fw002 red_server[31026]: A30000******xx: command 'PING 0'
    2014:03:17-09:42:22 fw002 red_server[31026]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A30000******xx" forced="0"
  • 0
    Yes, you're right, thanks for reading what I meant and not what I wrote! [:O]

    Have you tried reflashing the RED 10? - How to recover a Sophos RED device / Sophos Access Point

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Please show a interface screenshot.

    Astaro user since 2001 - Astaro/Sophos Partner since 2008

  • 0 in reply to maygyver
    Hi,

    i gave it to the Sophos Support and it seems that temporarily only tcp Packets goes from RED to UTM. If the TCP Packets are present it seems there is a tunnel but the Tunneldata goes over UDP Packets and if there are no UDP packet, there is no intunnel data flow. If that happens the following comes into the Logs:

    --------------------------------
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx: No in-tunnel frame for 60 seconds, exiting.
    2014:03:17-09:41:01 fw002 red_server[30850]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A30000******xx" forced="0"
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx is disconnected.
    2014:03:17-09:41:07 fw002 red_server[30954]: SELF: New connection from ***.***.***.*** with ID A30000******xx (cipher RC4-SHA), rev1
    2014:03:17-09:41:07 fw002 redctl[30956]: key length: 32
    2014:03:17-09:41:07 fw002 redctl[30957]: key length: 32
    2014:03:17-09:41:07 fw002 red_server[30954]: A30000******xx: connected OK, pushing config
    2014:03:17-09:41:15 fw002 red_server[30954]: A30000******xx: command 'PING 0'
    2014:03:17-09:41:15 fw002 red_server[30954]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A30000******xx" forced="0"
    -----------------------------------
    It looks like a router in front of the UTM was the bad-guy in my scenario.
    Thanks for your help

    firebear
Unfiltered HTML