Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 2 subscribers
  • Views 6433 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED estimates tunnel but no traffic throuh tunnel

tkaufi
Hi guys,

We´re using UTM220 Cluster and for testing issues an UTM Software with 9.103-5.

Now we want to use RED devices for smaller remote sites. Having a RED Config set up and connected the RED on an external line. The RED came up, connected to the UTM Software, got a Firmware Update from the UTM, and build up the tunnel. All 4 LEDs are green.

But i cant establish a link to a device beyond the RED. The Astaro/Sophos partner, where we bought the RED, said that the config is ok and should work.

After a while, the RED disconnects the tunnel and build it up again. This happens then every few minutes
So the questions:

1) Is there a mangle of having the correct licenses? (we have all except basic guard). But if its a mangle, why the UTM allows activating RED
2) Could it be that a second firewall (packet filter) between the provider router and the UTM blocks something. But why connect the RED to the UTM?


Regards
Thomas


This thread was automatically locked due to age.
Parents
  • 0
    Please show a interface screenshot.

    Astaro user since 2001 - Astaro/Sophos Partner since 2008

  • 0 in reply to maygyver
    Hi,

    i gave it to the Sophos Support and it seems that temporarily only tcp Packets goes from RED to UTM. If the TCP Packets are present it seems there is a tunnel but the Tunneldata goes over UDP Packets and if there are no UDP packet, there is no intunnel data flow. If that happens the following comes into the Logs:

    --------------------------------
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx: No in-tunnel frame for 60 seconds, exiting.
    2014:03:17-09:41:01 fw002 red_server[30850]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A30000******xx" forced="0"
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx is disconnected.
    2014:03:17-09:41:07 fw002 red_server[30954]: SELF: New connection from ***.***.***.*** with ID A30000******xx (cipher RC4-SHA), rev1
    2014:03:17-09:41:07 fw002 redctl[30956]: key length: 32
    2014:03:17-09:41:07 fw002 redctl[30957]: key length: 32
    2014:03:17-09:41:07 fw002 red_server[30954]: A30000******xx: connected OK, pushing config
    2014:03:17-09:41:15 fw002 red_server[30954]: A30000******xx: command 'PING 0'
    2014:03:17-09:41:15 fw002 red_server[30954]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A30000******xx" forced="0"
    -----------------------------------
    It looks like a router in front of the UTM was the bad-guy in my scenario.
    Thanks for your help

    firebear
Reply
  • 0 in reply to maygyver
    Hi,

    i gave it to the Sophos Support and it seems that temporarily only tcp Packets goes from RED to UTM. If the TCP Packets are present it seems there is a tunnel but the Tunneldata goes over UDP Packets and if there are no UDP packet, there is no intunnel data flow. If that happens the following comes into the Logs:

    --------------------------------
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx: No in-tunnel frame for 60 seconds, exiting.
    2014:03:17-09:41:01 fw002 red_server[30850]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A30000******xx" forced="0"
    2014:03:17-09:41:01 fw002 red_server[30850]: A30000******xx is disconnected.
    2014:03:17-09:41:07 fw002 red_server[30954]: SELF: New connection from ***.***.***.*** with ID A30000******xx (cipher RC4-SHA), rev1
    2014:03:17-09:41:07 fw002 redctl[30956]: key length: 32
    2014:03:17-09:41:07 fw002 redctl[30957]: key length: 32
    2014:03:17-09:41:07 fw002 red_server[30954]: A30000******xx: connected OK, pushing config
    2014:03:17-09:41:15 fw002 red_server[30954]: A30000******xx: command 'PING 0'
    2014:03:17-09:41:15 fw002 red_server[30954]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A30000******xx" forced="0"
    -----------------------------------
    It looks like a router in front of the UTM was the bad-guy in my scenario.
    Thanks for your help

    firebear
Children
No Data
Unfiltered HTML