Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
904
Views
0
Helpful
0
Comments

If the ASDM 5.x is used, the PIX Device Manager IPsec rules display incorrectly when static policy NAT is used

TCC_2
Level 10
Level 10

‎06-22-2009 04:02 PM - edited ‎03-08-2019 06:10 PM

Core issue

This problem is due to the presence of Cisco bug ID CSCsb92243.

When the Cisco Adaptive Security Device Manager (ASDM) 5.0(2) is used to configure VPN tunnels on the PIX or Adaptive Security Appliance (ASA), the IPsec rules do not always show up correctly under Configuration > Features > VPN > IPSec  > IPSec Rules.

The rules that define the protected tunnel sometimes do not match the access-lists defined in the Command Line Interface (CLI). This is caused by the presence of static policy Network Address Translation (NAT) statements in the configuration. If the IPsec rule is then edited in ASDM, this causes an incorrect rule to be sent to the ASA.

This issue happens when a combination of the ASDM and the CLI is used to configure the rules.

Resolution

As a workaround, use the CLI in order to manually edit the rules or use only the ASDM. Do not use a combination of both the ASDM and the CLI.

This issue is fixed in ASDM version 5.2, which can be downloaded from Cisco Downloads.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents