Hello all,
I've an ASA5506 previously configured with one outside interface. This interface is used for both internet for employees and Site-to-Site VPN for external companies...
The ISP is renewing its equipment and added a new modem/circuit before removing the old one.
I then configured a new external interface to be able to migrate all VPN connections one by one, but I am facing an issue.
My idea was to keep the 2 interfaces active and first migrate internet access to the new line and then migrate the S2S VPNs one by one, then once validated remove the old connection.
So I created a new route for the 0.0.0.0 traffic to go through the new interface but with a lower Metric "2", then I changed the "outside" Metric to "3" in order to redirect the internet traffic to the new interface.
-route outside 0.0.0.0 0.0.0.0 <publicIP_1> 1 (->3)
-route newISP 0.0.0.0 0.0.0.0 <publicIP_2> 2
... and it worked fine! Except that all the VPN-connected companies lost access to our internal network (oops!). I reverted the route metric ASAP and didn't have time to investigate/troubleshoot the problem. Of course, now I am a bit afraid of going any further with new changes.
Do you have any idea what I could have done wrong?
Thanks a lot in advance for your help!