If the ASDM 5.x is used, the PIX Device Manager IPsec rules display incorrectly when static policy NAT is used


Wed, 07/22/2009 - 19:27
Jun 22nd, 2009

Core issue

This problem is due to the presence of Cisco bug ID CSCsb92243.

When the Cisco Adaptive Security Device Manager (ASDM) 5.0(2) is used to configure VPN tunnels on the PIX or Adaptive Security Appliance (ASA), the IPsec rules do not always show up correctly under Configuration > Features > VPN > IPSec > IPSec Rules.

The rules that define the protected tunnel sometimes do not match the access-lists defined in the Command Line Interface (CLI). This is caused by the presence of static policy Network Address Translation (NAT) statements in the configuration. If the IPsec rule is then edited in ASDM while it is displayed incorrectly, an incorrect rule is sent to the ASA.

This issue happens when a combination of the ASDM and the CLI is used to configure the rules.


Resolution

As a workaround, use the CLI in order to manually edit the rules or use only the ASDM. Do not use a combination of both the ASDM and the CLI.

This issue is fixed in ASDM version 5.2, which can be downloaded from Cisco Downloads.
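On devices still managed with an affected ASDM version, one way to check whether an ASDM edit changed the protected-traffic access-lists is to compare running-config snapshots taken before and after the edit. The script below is an added example, not Cisco's code; the sample configurations, ACL names, addresses and the shape of the changed rule are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample running-config snapshot (not from the original page).
BEFORE = """\
access-list VPN_L2L extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list POLICY_NAT extended permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
static (inside,outside) 172.16.1.10 access-list POLICY_NAT
crypto map OUTSIDE_MAP 10 match address VPN_L2L
"""
# Same config after a hypothetical ASDM edit rewrote the protected-traffic ACL.
# The page does not describe what the incorrect rule looks like; this is made up.
AFTER = BEFORE.replace(
    "permit ip 10.1.1.0 255.255.255.0 192.168.50.0",
    "permit ip host 172.16.1.10 192.168.50.0")

# static (real_ifc,mapped_ifc) mapped_ip access-list NAME  -> static policy NAT
STATIC_POLICY_NAT = re.compile(r"^static \(\S+,\S+\) .*\baccess-list (\S+)", re.M)
# crypto map NAME SEQ match address ACL  -> ACL defining the protected tunnel
CRYPTO_MATCH = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)", re.M)

def policy_nat_acls(config):
    """ACL names referenced by static policy NAT statements."""
    return set(STATIC_POLICY_NAT.findall(config))

def crypto_acls(config):
    """Map each crypto-map ACL name to its list of access-list entries."""
    result = {}
    for _map, _seq, acl in CRYPTO_MATCH.findall(config):
        entries = re.findall(rf"^access-list {re.escape(acl)} (.+)$", config, re.M)
        result[acl] = [e.strip() for e in entries]
    return result

def audit(before, after):
    """Report exposure to the condition and any drift in protected-traffic ACLs."""
    old, new = crypto_acls(before), crypto_acls(after)
    changed = sorted(a for a in old.keys() | new.keys() if old.get(a) != new.get(a))
    # Exposed: static policy NAT and IPsec crypto ACLs coexist in the config.
    return {"exposed": bool(policy_nat_acls(after)) and bool(new),
            "changed_acls": changed}

if __name__ == "__main__":
    print(audit(BEFORE, BEFORE))
    print(audit(BEFORE, AFTER))
```

Any ACL listed in `changed_acls` after an ASDM session should be reviewed from the CLI against the intended tunnel definition.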
