Cisco Support Community

ASA5510 blocking vpn traffic states internal devices are on Mgmt Network

Just switched over from an ASA5505 to the ASA 5510 today and am in the process of setting up the Remote Access VPN connection. Ran the wizard using ASDM and set up the VPN - worked like a charm, installed a few programs remotely and all was well.

Well, I went into the Interfaces menu (ASDM) and selected "Enable traffic between two or more interfaces which are configured with same security levels"

After that point, all vpn connections cannot connect to any internal machines - firewall log says:

Through the device packet to/from management network is denied; icmp src management: dst outside:192.168.ff1.175(type0, code0)

The 175 is the VPN computer connected.

Problem is, it is on the internal network, not the management network, so why does it apply the management ACL?

I've gone back and disabled traffic between like security level interfaces and still no go. It thinks all internals are on the management interface and I can't figure it out.

All other communications are fine at this point - just the vpn clients get this message.

Thanks in advance,



Re: ASA5510 blocking vpn traffic states internal devices are on


Seems something got messed up in the configuration.

Can you post the relevant part of your configuration?



Re: ASA5510 blocking vpn traffic states internal devices are on

Well I did eventually figure out a way around this.

We were using an IP address pool in the same subnet as our internal network - this was a problem.

I created a new VLAN for the VPN - set up split tunneling on the connection to expose our internal network to that VLAN and all is working fine now.

Cisco Newb
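
The root cause reported in the last post was a VPN address pool inside the internal subnet. As an added example (not part of the original thread), this Python script parses an ASA-style configuration and reports any `ip local pool` range that overlaps a subnet configured on an interface; the sample configuration, pool names, addresses and function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of ASA-style config lines (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Management0/0
 nameif management
 ip address 192.168.100.1 255.255.255.0
ip local pool VPN_OLD 192.168.1.170-192.168.1.180 mask 255.255.255.0
ip local pool VPN_NEW 192.168.50.10-192.168.50.50 mask 255.255.255.0
"""

# Static interface addresses only; "ip address dhcp ..." lines are skipped.
IP_RE = re.compile(r"^ip address ([\d.]+) ([\d.]+)")
POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)(?:-([\d.]+))?")

def interface_networks(config):
    """Map each nameif to the subnet configured on that interface."""
    nets, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new interface block, nameif not seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := IP_RE.match(line)):
            nets[name] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    return nets

def pool_overlaps(config):
    """Return sorted (pool, nameif) pairs where a pool range overlaps an interface subnet."""
    nets, hits = interface_networks(config), []
    for line in config.splitlines():
        m = POOL_RE.match(line.strip())
        if not m:
            continue
        lo = ipaddress.ip_address(m[2])
        hi = ipaddress.ip_address(m[3] or m[2])  # single-address pool has no range end
        for ifname, net in nets.items():
            # Two ranges overlap when neither lies entirely before the other.
            if lo <= net.broadcast_address and hi >= net.network_address:
                hits.append((m[1], ifname))
    return sorted(hits)
```

On the constructed sample, `pool_overlaps(SAMPLE_CONFIG)` flags only the pool carved out of the inside subnet, the layout the poster moved away from.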