I have installed a secondary outside connection to handle client and eventually site-to-site VPN traffic. Client connections through the primary outside connection still work; however, when a client attempts to connect through the secondary connection, they receive a "Peer no longer responding" error. I can see that the PIX receives the initial IKE connection, but the status stays at AG_INIT_EXCH and eventually times out.
How do I enable the secondary connection for this scenario?
When you say secondary outside connection, did you get another range of IPs?
If so, it will be a great challenge. As far as I understand, the PIX can only have one default gateway. I'm assuming your current default gateway points to the existing internet connection. So any traffic going to the PIX through the new connection will want to return through the first connection. Assuming you can get it to work, this will defeat your efforts.
I am also assuming that you have tested and gotten the VPN to work before ordering a new line. If not, get the VPN to work first, then figure out how to offload the traffic.
You might also be able to use two interfaces as outside interfaces. I have never done this and it probably is more of a headache to implement and support and not recommended.
Two solutions off the top are to implement BGP with the two providers if you are in a contract you cannot get out of.
Or just up the bandwidth from your current provider.