I upgraded two PIX 525's from 7.2(1) to 8.0(3) and I can no longer manage them across the VPN tunnels. What changed concerning management between 7.2 and 8.0? I can manage them fine as long as I'm on a machine that is behind the inside interface. All the normal management statements are in place, but no luck from across the tunnel.
Can you ping the inside interface of the ASA over the VPN tunnel? If you can't there may be an issue with split tunnel ACL. Can you post a sanitized copy of the ASA configuration?
No, I just noticed that I can't ping the inside interface anymore. This is a Site-to-Site tunnel and those ACL's haven't changed that I can see.
3 Apr 17 2008 12:55:08 713902 Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x4c6cfb8, mess id 0xbe6589f2)!
3 Apr 17 2008 12:55:08 713227 IP = x.x.x.x, Rejecting new IPSec SA negotiation for peer x.x.x.x. A negotiation was already in progress for local Proxy 172.x.x.0/255.255.255.248, remote Proxy 10.x.x.0/255.255.255.0
Above are debugs from remote PIX.
I have similar problem. We have ASA 5520. After upgrade to 8.0(3) we are not able manage device using ASDM (across Remote Access VPN). Ssh nad ping works. Any success solving this problem?