This problem is due to the presence of Cisco bug ID CSCsb92243.
When the Cisco Adaptive Security Device Manager (ASDM) 5.0(2) is used to configure VPN tunnels on the PIX or Adaptive Security Appliance (ASA), the IPsec rules do not always show up correctly under Configuration > Features > VPN > IPSec > IPSec Rules.
The rules that define the protected tunnel sometimes do not match the access-lists defined in the Command Line Interface (CLI). This is caused by the presence of static policy Network Address Translation (NAT) statements in the configuration. If the IPsec rule is then edited in ASDM, this causes an incorrect rule to be sent to the ASA.
This issue happens when a combination of the ASDM and the CLI is used to configure the rules.
As a workaround, use the CLI in order to manually edit the rules or use only the ASDM. Do not use a combination of both the ASDM and the CLI.
This issue is fixed in ASDM version 5.2, which can be downloaded from Cisco Downloads.
I am converting a existing ASA to FMC/FTD (6.4) and using the Firepower migration tool (v. 1.3.1-3051). During the "review and validation" I am wanting to change the mgmt IP (Diagnostic1/1) so that it doesn't overlap with the existing production ASA...
HiI run an MPLS backbone and try to find a way to implement Cisco GET VPN.For historical reasons, we have MPLS running on the CE devices at the customer site. That means the whole path from the customer site A, through our core till customer site B is MPL...
Have run through the steps on the EVE support site. Sometimes the device gets an IP and the GUI comes up, but will not allow me to login.Sometimes the device does not get an IP at all. I'm running the lab from my PC which is an i7 with 16GB of RAM and a 1...
Hello;I have a CISCO asa 5505 running on 9.2.4(27) and it is working with lots of configurations. I want to downgrade to the recommended version 9.1.7(32) interim. what is the procedure to do this?Can I simply put this version disk o disk0:/ and repl...
I decided to post something that may be useful to others looking at the Single Click Sponsor Portal Functionality in ISE 2.2+. I had a weird issue in our environment where some sponsors were able to use the tokenized single-click link from their ema...