enable ipsec over nat-t disappear

Unanswered Question
May 16th, 2008

Hi all,

I've this annoying problem.

I've a pix525 with 8.0(3) release, and I've enabled NAT-T, with

enable ipsec over nat-t

checkbox (from Configuration - Remote Access VPN - Advanced - IKE Parameters).

Pix525 is connected in failover configuration to another pix525.

When I reload one firewall, this configuration disappears, so I must re-enable it every time this happens.

I've noticed that this also happens with a couple of ASA5510 and PIX515, with the same release.

If I disable failover (and I use only one firewall), this doesn't happen.

Any idea?





I have seen this myself using the ASDM. Configure the setting from the CLI and wr mem. Especially look out for:

device# wr mem

Building configuration...

Cryptochecksum: 65765026 3c703ddd 8d529956 e7239708

30935 bytes copied in 3.640 secs (10311 bytes/sec)



The above indicates the primary device has written the config changes to the standby device.


acomiskey Fri, 05/16/2008 - 06:20

I think this is a bug. The workaround is to use a nondefault value...

crypto isakmp nat-traversal 21 (not the default 20)
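
A post-reload check for the failover pair discussed in this thread, as an added example that is not part of any poster's reply or of Cisco's tooling: it reads saved `show running-config` text from both units and flags a missing, default-value or mismatched NAT-T line. The sample configs, hostnames and function names are constructed for illustration.

```python
import re

# Command as quoted in the thread. Assumption: a line with no number means the
# default keepalive of 20 seconds.
NAT_T_LINE = re.compile(r"^\s*crypto isakmp nat-traversal(?:\s+(\d+))?\s*$", re.M)
DEFAULT_KEEPALIVE = 20

# Constructed sample configs (not taken from a real device).
SAMPLE_PRIMARY_AFTER_RELOAD = """\
hostname fw-primary
crypto isakmp enable outside
"""
SAMPLE_STANDBY = """\
hostname fw-standby
crypto isakmp enable outside
crypto isakmp nat-traversal 20
"""
SAMPLE_WORKAROUND = """\
hostname fw-primary
crypto isakmp enable outside
crypto isakmp nat-traversal 21
"""


def nat_t_keepalive(config_text):
    """Return the NAT-T keepalive from saved config text, or None if absent."""
    match = NAT_T_LINE.search(config_text)
    if match is None:
        return None
    return int(match.group(1)) if match.group(1) else DEFAULT_KEEPALIVE


def audit_pair(primary_cfg, standby_cfg):
    """List NAT-T findings for a failover pair's saved running configs."""
    findings = []
    values = {"primary": nat_t_keepalive(primary_cfg),
              "standby": nat_t_keepalive(standby_cfg)}
    for unit, value in values.items():
        if value is None:
            findings.append(f"{unit}: NAT-T line missing")
        elif value == DEFAULT_KEEPALIVE:
            findings.append(f"{unit}: default keepalive 20, workaround not applied")
    if values["primary"] != values["standby"]:
        findings.append("pair: NAT-T setting differs between units")
    return findings


if __name__ == "__main__":
    for finding in audit_pair(SAMPLE_PRIMARY_AFTER_RELOAD, SAMPLE_STANDBY):
        print(finding)
```

Running it against config captures taken after each reload shows whether remote-access clients behind NAT are about to lose IPsec connectivity before users report it.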

