05-16-2008 12:43 AM - edited 02-21-2020 03:43 PM
Hi all,
I've this annoying problem.
I've a pix525 with 8.0(3) release, and I've enabled Nat-t with the "enable ipsec over nat-t" checkbox (from Configuration - Remote Access VPN - Advanced - IKE Parameters).
Pix525 is connected in failover configuration to another pix525.
When I reload one firewall, this configuration disappears, so I must re-enable it every time this happens.
I've noticed that this also happens with a couple of ASA5510 and PIX515, with the same release.
If I disable failover (and I use only one firewall), this doesn't happen.
Any idea?
Thanks
Daniele
05-16-2008 02:03 AM
Daniele,
I have seen this myself using the ASDM; configure the setting from the CLI and wr mem. Especially look out for:
device# wr mem
Building configuration...
Cryptochecksum: 65765026 3c703ddd 8d529956 e7239708
30935 bytes copied in 3.640 secs (10311 bytes/sec)
[OK]
device#
The above indicates the primary device has written the config changes to the standby device.
HTH.
05-16-2008 06:20 AM
I think this is a bug. The workaround is to use a nondefault value...
crypto isakmp nat-traversal 21 (not the default 20)