Info:
I have set up a RED Tunnel between a RED10 and a UTM9, which went very seamlessly.
I was using the official Sophos knowledgebase article for information:
https://www.sophos.com/de-de/support/knowledgebase/116573.aspx
+ The devices operate in Standard/Unified Mode and I have set up the Firewall and Masquerading Rules for the RED10 in the UTM.
+ The RED10 uses a static and public Internet IP Address on its WAN Interface.
_________________________________________________________________
Problem:
Everything works fine, except when a Remote SSL VPN user connects to the UTM.
This is the RED log on the UTM. In the beginning of the copied lines the RED tunnel is already established and you can see RED10/UTM9 doing Ping/Pong.
When the remote user logs in the tunnel gets disconnected by the UTM (marked red) because of the new route (marked bold in the red text).
2015:07:03-09:17:16 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PING remote_tx=40 local_rx=40 diff=0
2015:07:03-09:17:16 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PONG local_tx=8
2015:07:03-09:17:32 sophos_utm red_server[4306]: A3200FFFFFFFFFF: command 'PING 41 uplink=WAN'
2015:07:03-09:17:32 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PING remote_tx=41 local_rx=41 diff=0
2015:07:03-09:17:32 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PONG local_tx=9
2015:07:03-09:17:49 sophos_utm red_server[4306]: A3200FFFFFFFFFF: command 'PING 44 uplink=WAN'
2015:07:03-09:17:49 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PING remote_tx=44 local_rx=44 diff=0
2015:07:03-09:17:49 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PONG local_tx=12
2015:07:03-09:18:05 sophos_utm red_server[4306]: A3200FFFFFFFFFF: command 'PING 50 uplink=WAN'
2015:07:03-09:18:05 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PING remote_tx=50 local_rx=50 diff=0
2015:07:03-09:18:05 sophos_utm red_server[4306]: A3200FFFFFFFFFF: PONG local_tx=14
2015:07:03-09:18:19 sophos_utm red_server[4193]: SELF: (Re-)loading device configurations
2015:07:03-09:18:20 sophos_utm red_server[4193]: A3200FFFFFFFFFF: Device config value 'split_networks' changed from '172.21.0.0/16 172.18.0.0/16 172.17.0.0/16 1.2.3.4 10.0.0.0/30 192.168.252.0/22 10.0.0.4/30' to '172.21.0.0/16 172.18.0.0/16 10.0.0.4/30 172.17.0.0/16 10.242.2.6 10.0.0.0/30 1.2.3.4 192.168.252.0/22'
2015:07:03-09:18:20 sophos_utm red_server[4193]: A3200FFFFFFFFFF: Staging config for upload
2015:07:03-09:18:20 sophos_utm red_server[4193]: A3200FFFFFFFFFF: device config changed, kicking to force reconfiguration
2015:07:03-09:18:20 sophos_utm red_server[4306]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3200FFFFFFFFFF" forced="1"
2015:07:03-09:18:21 sophos_utm red_server[4476]: UPLOAD: [A3200FFFFFFFFFF] Uploaded config to registry service
2015:07:03-09:18:21 sophos_utm red_server[4193]: SELF: (Re-)loading device configurations
2015:07:03-09:18:21 sophos_utm red_server[4306]: A3200FFFFFFFFFF is disconnected.
2015:07:03-09:18:34 sophos_utm redctl[2068]: key length: 32
2015:07:03-09:18:34 sophos_utm redctl[2069]: key length: 32
2015:07:03-09:18:34 sophos_utm red_server[2066]: SELF: New connection from 1.2.3.4 with ID A3200FFFFFFFFFF (cipher RC4-SHA), rev1Jul 3 09:18:34 red_server[2066]: A3200FFFFFFFFFF: connected OK, pushing config
2015:07:03-09:19:05 sophos_utm red_server[2066]: A3200FFFFFFFFFF: No ping for 30 seconds, exiting.
2015:07:03-09:19:05 sophos_utm red_server[2066]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3200FFFFFFFFFF" forced="0"
2015:07:03-09:19:05 sophos_utm red_server[2066]: A3200FFFFFFFFFF is disconnected.
2015:07:03-09:20:17 sophos_utm redctl[2270]: key length: 32
2015:07:03-09:20:17 sophos_utm redctl[2271]: key length: 32
2015:07:03-09:20:17 sophos_utm red_server[2268]: SELF: New connection from 1.2.3.4 with ID A3200FFFFFFFFFF (cipher RC4-SHA), rev1Jul 3 09:20:17 red_server[2268]: A3200FFFFFFFFFF: connected OK, pushing config
2015:07:03-09:20:31 sophos_utm red_server[2284]: SELF: New connection from 1.2.3.4 with ID A3200FFFFFFFFFF (cipher RC4-SHA), rev1Jul 3 09:20:31 red_server[2284]: A3200FFFFFFFFFF: already connected, releasing old connection.
2015:07:03-09:20:31 sophos_utm red_server[2268]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3200FFFFFFFFFF" forced="1"
2015:07:03-09:20:31 sophos_utm red_server[2268]: A3200FFFFFFFFFF is disconnected.
2015:07:03-09:20:32 sophos_utm redctl[2304]: key length: 32
2015:07:03-09:20:32 sophos_utm redctl[2305]: key length: 32
2015:07:03-09:20:32 sophos_utm red_server[2284]: A3200FFFFFFFFFF: connected OK, pushing config
2015:07:03-09:20:36 sophos_utm red_server[2284]: A3200FFFFFFFFFF: command 'UMTS_STATUS value=OK'
2015:07:03-09:20:36 sophos_utm red_server[2284]: A3200FFFFFFFFFF: command 'PING 0 uplink=WAN'
2015:07:03-09:20:36 sophos_utm red_server[2284]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A3200FFFFFFFFFF" forced="0"
2015:07:03-09:20:37 sophos_utm red_server[4193]: SELF: (Re-)loading device configurations
2015:07:03-09:20:37 sophos_utm red_server[2284]: A3200FFFFFFFFFF: PING remote_tx=0 local_rx=0 diff=0
2015:07:03-09:20:37 sophos_utm red_server[2284]: A3200FFFFFFFFFF: PONG local_tx=0
2015:07:03-09:20:52 sophos_utm red_server[2284]: A3200FFFFFFFFFF: command 'PING 8 uplink=WAN'
2015:07:03-09:20:52 sophos_utm red_server[2284]: A3200FFFFFFFFFF: PING remote_tx=8 local_rx=8 diff=0
2015:07:03-09:20:52 sophos_utm red_server[2284]: A3200FFFFFFFFFF: PONG local_tx=1
2015:07:03-09:21:09 sophos_utm red_server[2284]: A3200FFFFFFFFFF: command 'PING 16 uplink=WAN'
2015:07:03-09:21:09 sophos_utm red_server[2284]: A3200FFFFFFFFFF: PING remote_tx=16 local_rx=16 diff=0
I don't need the route for the remote user, is there any option to get rid of this behaviour?
Thanks in advance :)
sHHHk
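Added example, not part of the original post: a small Python parser for the red_server log format shown above. It diffs the old and new 'split_networks' values as sets (so reordering is ignored) and links the change to the next forced="1" "RED Tunnel Down" event for the same RED ID. The regular expressions are assumptions derived only from the lines quoted in the post, and the sample input is three of those lines.

```python
import re

# Constructed sample: three lines copied from the log quoted in the post.
SAMPLE_LOG = """\
2015:07:03-09:18:20 sophos_utm red_server[4193]: A3200FFFFFFFFFF: Device config value 'split_networks' changed from '172.21.0.0/16 172.18.0.0/16 172.17.0.0/16 1.2.3.4 10.0.0.0/30 192.168.252.0/22 10.0.0.4/30' to '172.21.0.0/16 172.18.0.0/16 10.0.0.4/30 172.17.0.0/16 10.242.2.6 10.0.0.0/30 1.2.3.4 192.168.252.0/22'
2015:07:03-09:18:20 sophos_utm red_server[4193]: A3200FFFFFFFFFF: device config changed, kicking to force reconfiguration
2015:07:03-09:18:20 sophos_utm red_server[4306]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3200FFFFFFFFFF" forced="1"
"""

# Patterns inferred from the log excerpt (assumption, not a documented format).
CHANGE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ red_server\[\d+\]: (?P<red>\w+): Device config value "
    r"'(?P<key>[^']+)' changed from '(?P<old>[^']*)' to '(?P<new>[^']*)'")
DOWN_RE = re.compile(
    r'^(?P<ts>\S+) .*name="RED Tunnel Down" red_id="(?P<red>\w+)" '
    r'forced="(?P<forced>[01])"')


def analyze(log_text):
    """Return one finding per config change: the real delta (order-insensitive)
    and the timestamp of the forced tunnel drop that followed, if any."""
    findings = []
    pending = {}  # red_id -> finding still waiting for a forced Tunnel Down
    for line in log_text.splitlines():
        m = CHANGE_RE.match(line)
        if m:
            old, new = set(m["old"].split()), set(m["new"].split())
            finding = {"red_id": m["red"], "key": m["key"],
                       "changed_at": m["ts"],
                       "added": sorted(new - old),
                       "removed": sorted(old - new),
                       "forced_down_at": None}
            findings.append(finding)
            pending[m["red"]] = finding
            continue
        m = DOWN_RE.match(line)
        # Only the first forced drop after a change is attributed to it;
        # later forced drops (e.g. "releasing old connection") are ignored.
        if m and m["forced"] == "1" and m["red"] in pending:
            pending.pop(m["red"])["forced_down_at"] = m["ts"]
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Run against the full RED log, this gives one record per split_networks change, which makes it easy to see how often a single added host entry coincides with a forced tunnel restart.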