ASA loses NAT-T Config for Remote Access

Unanswered Question
Apr 24th, 2008
User Badges:

Hi,


i have a problem with an ASA 5505.

I have configured NAT-T for the remote access via IPSec and the cisco vpn client.

My ASA loses this config option once a day.

I configure NAT-T with a lifetime of 30 seconds, apply and save to flash.

The next day, there is no NAT-T configured anymore.

I suspect this happens when the ASA is re-establishing the internet connection.


Does anybody have a hint how to make this config option stay permanent?


Thanks in advance and best regards.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Thu, 04/24/2008 - 05:50
User Badges:
  • Green, 3000 points or more

There was a bug that would remove the nat-traversal command when the ASA was rebooted. The workaround was to assign a non-default lifetime value. For example...


crypto isakmp nat-traversal 21


If you've set it to 30, you've already done the workaround. Was version of ASA?

thomashaecker Thu, 04/24/2008 - 06:39
User Badges:

I also recogniced i have to choose a value different from he default, thats why i chose 30.


The ASA is not rebooting (at least the uptime says that).

I am also monitoring this device with Nagios from an external server in the internet, it does not seem the device is rebooting (or it would be rebooting very fast).

I suggest it happens when the internet connection is re-established but i am not sure about hat.


Funny thing is, i have other ASAs running with version 8.0(2) which does not have this problem.

We also already replaced it with a new one, reconfigured it, but the behaviour is always the same.

thomashaecker Mon, 05/12/2008 - 00:39
User Badges:

Can anybody tell me if this is a known bug or am i just not able to configure an ASA correctly?

srue Tue, 05/13/2008 - 11:15
User Badges:
  • Blue, 1500 points or more

have you tried upgrading to 8.0(3)

thomashaecker Tue, 05/13/2008 - 22:23
User Badges:

Seems to me 8.0(3) is only accessible to users with a support contract.


As i do not have one, is there any chance for me to get 8.0(3)?

zorric.sia Thu, 11/06/2008 - 17:14
User Badges:

I am having this issue on 8.0(3). The weird thing is, only my Vista users cannot connect via VPN if Nat-T is not configured.



Actions

This Discussion