XG to RED connection unstable

Hi,

I've recently rolled out an XG 135 at our main location and placed a RED 15w at our remote office. The remote office uses a DSL connection and has 2 users. Our previous configuration was a Cisco ASA with a TPLink VPN Router and a VPN between the two offices. That would stay up and live for days. The RED device disconnects about every minute for 11-90 seconds. That instability makes the VOIP phones and internet completely unusable. There is a static IP at the remote location.

The RED device sets up a separate subnet .7.1 while the main office is on the .6.1 subnet. I've got NAT rules enabled so that traffic passes between them. I just moved those NAT rules to the top of the list. I've tried setting the RED devices up as Standard/Unified or Standard/Split and no luck getting a stable connection for either. I've tried enabling or disabling Tunnel Compression and no change there.

I've just disabled the Force TLS 1.2 under the RED settings, and I'll see if that makes a difference. 

I've set up two RED devices and it seems to be happening more frequently at the location that has users today (the other one is only used a couple days a week). 

Any suggestions?

Thanks,

Michael



This thread was automatically locked due to age.
  • Disabling TLS 1.2 seems to have fixed the issue.

  • On second thought, not actually. I'm still seeing disconnect/reconnect of about every 30 minutes, which is a dramatic improvement over every 30 seconds. 

    We have two RED devices for two remote locations. One of them only disconnected once since lunchtime. The other is doing it every 30 minutes. 

    The one that was more stable was configured as Standard/Split operation mode instead of Standard/Unified. I switched both of them there and I'll check in the morning.

    Thanks,

  • Hi Michael,

    How did you go around this issue? I'm in the middle of rolling out RED 50 devices and wondering if I will hit the same issue. Would be great to know if you had to do anything specific to get around disconnections.

    Cheers.

  • They're still both down. I've been out on Paternity leave and haven't had a chance to spend time to troubleshoot. At this point, I want to visit the sites, bring them back to the main office, make sure that the firmware's been updated (since a new pattern rolled out recently), and see if they'll connect now. The biggest problem is that I have no cell phone service at our two remote sites and part of getting the RED connection up is to allow our VPN phones to work, so once I'm on site, I can't call tech support. 

     

  • Not that this helps you any, but I recently deployed a RED 15 to a remote office (running business class cable modem with a static IP), using the TLS 1.2 option, and I am not having any connection dropouts or issues; the RED tunnel comes up quickly and is stable. I did deploy this right after the firmware pattern update you mentioned, so I am not sure if that is the reason for my success or not.

  • Finally had a chance to come back and troubleshoot these. I got the RED firmware updated to 2.0.007 and then re-rolled them out. Everything seems to be working now. I'm actually a little afraid of breaking them by upgrading to 2.0.008 or enabling TLS 1.2 or compression. 

  • Good question!

    I know that compression is causing some issues on the RED tunnel. For the RED firmware upgrade, who knows what is fixed. Also, if you need to go back to a previous RED firmware, where is the procedure?

    Is it possible to roll back even on RED/AP firmware?

    Thanks

  • Glad to hear they are working for you.  Just as an FYI, I upgraded to 2.0.008 and have had no trouble, and also am using TLS 1.2 with no trouble as well.  I have tunnel compression disabled because it caused some problems when I was first setting up my RED device.  I haven't re-enabled it to see if things are resolved now or not.
