Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
2
Replies

enable ipsec over nat-t disappear

dimensyssrl
Level 1
Level 1

‎05-16-2008 12:43 AM - edited ‎02-21-2020 03:43 PM

Hi all,

I've this annoying problem.

I've a pix525 with 8.0(3) release, and I've enable Nat-t, with

enable ipsec over nat-t

checkbox (from Configuration - Remote Access VPN - Advanced - IKE Parameters).

Pix525 is connected in failover configuration to another pix525.

When I reload one firewall, this configuration disappear, so I must reenalble it everytime this happen.

I've noticed that this happen also with a couple of ASA5510 and of PIX515, with same release.

If I disable failover (and I use only one firewall), this doesn't happen.

Any idea?

Thanks

Daniele

Labels:
0 Helpful
2 Replies 2

andrew.prince
Level 10
Level 10

‎05-16-2008 02:03 AM

Daniele,

I have seen this myself using the ASDM, configure the setting from the CLI and wr mem. Especially lookout for:-

device# wr mem

Building configuration...

Cryptochecksum: 65765026 3c703ddd 8d529956 e7239708

30935 bytes copied in 3.640 secs (10311 bytes/sec)

[OK]

device#

The above indicates the primary device has written the config changes to the standby device.

HTH.

0 Helpful

acomiskey
Level 10
Level 10
In response to andrew.prince

‎05-16-2008 06:20 AM

I think this is a bug. The workaround is to use a nondefault value...

crypto isakmp nat-traversal 21 (not the default 20)

0 Helpful
Customers Also Viewed These Support Documents