Showing results for 
Search instead for 
Did you mean: 
Cisco Community November 2020 Spotlight Award Winners

If the ASDM 5.x is used, the PIX Device Manager IPsec rules display incorrectly when static policy NAT is used


Core issue

This problem is due to the presence of Cisco bug ID CSCsb92243.

When the Cisco Adaptive Security Device Manager (ASDM) 5.0(2) is used to configure VPN tunnels on the PIX or Adaptive Security Appliance (ASA), the IPsec rules do not always show up correctly under Configuration > Features > VPN > IPSec  > IPSec Rules.

The rules that define the protected tunnel sometimes do not match the access-lists defined in the Command Line Interface (CLI). This is caused by the presence of static policy Network Address Translation (NAT) statements in the configuration. If the IPsec rule is then edited in ASDM, this causes an incorrect rule to be sent to the ASA.

This issue happens when a combination of the ASDM and the CLI is used to configure the rules.


As a workaround, use the CLI in order to manually edit the rules or use only the ASDM. Do not use a combination of both the ASDM and the CLI.

This issue is fixed in ASDM version 5.2, which can be downloaded from Cisco Downloads.

Content for Community-Ad