05-16-2008 12:43 AM - edited 02-21-2020 03:43 PM
Hi all,
I've this annoying problem.
I have a PIX525 with the 8.0(3) release, and I've enabled NAT-T with the "enable ipsec over nat-t" checkbox (from Configuration - Remote Access VPN - Advanced - IKE Parameters).
Pix525 is connected in failover configuration to another pix525.
When I reload one firewall, this configuration disappears, so I must re-enable it every time this happens.
I've noticed that this also happens with a couple of ASA5510 and of PIX515, with the same release.
If I disable failover (and I use only one firewall), this doesn't happen.
Any idea?
Thanks
Daniele
05-16-2008 02:03 AM
Daniele,
I have seen this myself using the ASDM. Configure the setting from the CLI and wr mem. Especially look out for:
device# wr mem
Building configuration...
Cryptochecksum: 65765026 3c703ddd 8d529956 e7239708
30935 bytes copied in 3.640 secs (10311 bytes/sec)
[OK]
device#
The above indicates the primary device has written the config changes to the standby device.
HTH.
05-16-2008 06:20 AM
I think this is a bug. The workaround is to use a nondefault value...
crypto isakmp nat-traversal 21 (not the default 20)