ASA 5510 Routing issues with IPSec client on second external interface
I am gradually migrating from one ISP to another. Because this unit is live, I have created a second outside interface (outside-2) and have successfully exposed all the server services needed, i.e. SMTP, web and so on; however, the VPN client is causing me grief. I suspect that the errors are routing related, with the IPsec traffic coming in on outside-2 and then being routed out on the original outside interface, generating the following messages:
Group = VPN-Users-RR, IP= x.x.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
Group = VPN-Users-RR, IP = x.x.x.x1, P1 Retransmit msg dispatched to AM FSM
Routing failed to locate next hop for udp from NP Identity Ifc:RR_External_1/62465 to outside-2:x.x.x.x/4
I have attached a condensed version of our config.