- Gold, 750 points or more
This problem is due to the presence of Cisco bug ID CSCsb92243.
When the Cisco Adaptive Security Device Manager (ASDM) 5.0(2) is used to configure VPN tunnels on the PIX or Adaptive Security Appliance (ASA), the IPsec rules do not always show up correctly under Configuration > Features > VPN > IPSec > IPSec Rules.
The rules that define the protected tunnel sometimes do not match the access-lists defined in the Command Line Interface (CLI). This is caused by the presence of static policy Network Address Translation (NAT) statements in the configuration. If the IPsec rule is then edited in ASDM, this causes an incorrect rule to be sent to the ASA.
This issue happens when a combination of the ASDM and the CLI is used to configure the rules.
As a workaround, use the CLI in order to manually edit the rules or use only the ASDM. Do not use a combination of both the ASDM and the CLI.
This issue is fixed in ASDM version 5.2, which can be downloaded from Cisco Downloads.