diff --git a/lib/cache/cache.go b/lib/cache/cache.go
index 2eddab79f8f61..b752cdc377edd 100644
--- a/lib/cache/cache.go
+++ b/lib/cache/cache.go
@@ -171,20 +171,17 @@ func ForRemoteProxy(cfg Config) Config {
 		{Kind: types.KindTunnelConnection},
 		{Kind: types.KindAppServer},
 		{Kind: types.KindAppServer, Version: types.V2},
-		{Kind: types.KindApp},
 		{Kind: types.KindRemoteCluster},
 		{Kind: types.KindKubeService},
 		{Kind: types.KindDatabaseServer},
-		{Kind: types.KindDatabase},
 		{Kind: types.KindKubeServer},
-		{Kind: types.KindInstaller},
-		{Kind: types.KindKubernetesCluster},
 	}
 	cfg.QueueSize = defaults.ProxyQueueSize
 	return cfg
 }
 
 // ForOldRemoteProxy sets up watch configuration for older remote proxies.
+// The Watches defined here are a copy of those defined in ForRemoteProxy in the v10 branch.
 func ForOldRemoteProxy(cfg Config) Config {
 	cfg.target = "remote-proxy-old"
 	cfg.Watches = []types.WatchKind{
@@ -202,11 +199,11 @@ func ForOldRemoteProxy(cfg Config) Config {
 		{Kind: types.KindAuthServer},
 		{Kind: types.KindReverseTunnel},
 		{Kind: types.KindTunnelConnection},
+		{Kind: types.KindAppServer},
 		{Kind: types.KindAppServer, Version: types.V2},
 		{Kind: types.KindRemoteCluster},
 		{Kind: types.KindKubeService},
 		{Kind: types.KindDatabaseServer},
-		{Kind: types.KindKubeServer},
 	}
 	cfg.QueueSize = defaults.ProxyQueueSize
 	return cfg
diff --git a/lib/reversetunnel/srv.go b/lib/reversetunnel/srv.go
index 5651f61137bc6..fe5f46e686618 100644
--- a/lib/reversetunnel/srv.go
+++ b/lib/reversetunnel/srv.go
@@ -1167,12 +1167,11 @@ func newRemoteSite(srv *server, domainName string, sconn ssh.Conn) (*remoteSite,
 }
 
 // createRemoteAccessPoint creates a new access point for the remote cluster.
-// Checks if the cluster that is connecting is a pre-v8 cluster. If it is,
-// don't assume the newer organization of cluster configuration resources
-// (RFD 28) because older proxy servers will reject that causing the cache
-// to go into a re-sync loop.
+// Checks if the cluster that is connecting is a pre-v11 cluster. If it is,
+// we disable the watcher for types.KindKubeServer and types.KindKubeCluster resources
+// since both resources are not supported in a v10 leaf cluster.
 func createRemoteAccessPoint(srv *server, clt auth.ClientI, version, domainName string) (auth.RemoteProxyAccessPoint, error) {
-	ok, err := utils.MinVerWithoutPreRelease(version, utils.VersionBeforeAlpha("8.0.0"))
+	ok, err := utils.MinVerWithoutPreRelease(version, utils.VersionBeforeAlpha("11.0.0"))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
diff --git a/lib/reversetunnel/srv_test.go b/lib/reversetunnel/srv_test.go
index 589c091f5f322..5936c9b78e336 100644
--- a/lib/reversetunnel/srv_test.go
+++ b/lib/reversetunnel/srv_test.go
@@ -168,19 +168,20 @@ func TestCreateRemoteAccessPoint(t *testing.T) {
 			assertion: require.Error,
 		},
 		{
-			name:      "remote running 9.0.0",
+			name:      "remote running 11.0.0",
 			assertion: require.NoError,
-			version:   "9.0.0",
+			version:   "11.0.0",
 		},
 		{
-			name:      "remote running 8.0.0",
-			assertion: require.NoError,
-			version:   "8.0.0",
+			name:           "remote running 10.0.0",
+			assertion:      require.NoError,
+			version:        "10.0.0",
+			oldRemoteProxy: true,
 		},
 		{
-			name:           "remote running 7.0.0",
+			name:           "remote running 9.0.0",
 			assertion:      require.NoError,
-			version:        "7.0.0",
+			version:        "9.0.0",
 			oldRemoteProxy: true,
 		},
 		{