Seems like a simple enough task, and yet...
This is the syslog message from the ASA:
Aug 17 10:45:40 10.22.151.50 local5.warn %ASA-4-402117: IPSEC: Received a non-IPSec packet (protocol= TCP) from CiscoworkServer to 10.22.151.50.
FYI, 151.50 is the IP of the management interface in this context, and CW is in the same subnet as the management int, with an IP of 151.99. Also, our internal ASA's are broken into three contexts, the management IP being the only interface shared amond all three. And the management int is dedicated to management-only. I have allowed http, telnet and ssh access to the ASA from CW.
When I mouse over the syslog message in the ASDM, I get this additional info: "This message is displayed when the received packet matched the crypto map ACL, but it is not IPSEC-encapsulated". Bull. I don't have any crypto maps defined in this context.
Preciate any thoughts.