ASA 5510 Routing issues with IPSec client on second external interface
I am gradually migrating from one ISP to another, because this unit is live I have created a second outside interface (outside-2) and I have successfully exposed all server services needed i.e. SMTP, WEB and so on, however the VPN client is causing me grief. I suspect that the errors are routing related with the ipsec traffic coming in on outside-2 and then being routed out on the original outside interface generating the following messages:
Group = VPN-Users-RR, IP= x.x.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
Group = VPN-Users-RR, IP = x.x.x.x1, P1 Retransmit msg dispatched to AM FSM
Routing failed to locate next hop for udp from NP Identity Ifc:RR_External_1/62465 to outside-2:x.x.x.x/4
I have attached a condensed version of our config.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...