ASA 5510 nat-traversal problem

Unanswered Question
Nov 13th, 2008

Our ASA 5510 has sw ver 8.0(2) and DM ver 6.0(2). Through ASDM on the menu Configuration>Site-to-site VPN>Advanced>IKE parameters under NAT transparency we checked "Enable IPSec over NAT-T" and wrote config to startup and also we did it manually. After power failure and start ASA 5510 lost this part from config file. So we have to put command "crypto isakmp nat-traversal" manually. Because through ASDM it hasn't effect. It's happened two times.

Any idea?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nefkensp Thu, 11/13/2008 - 06:34


There are two bugs that could be related to it. If you have access to the bug toolkit, check CSCsj52581 and CSCsq65580.

I think it is the first bug, so an upgrade to ASA 8.0.4 (which I would recommend anyhow if you use the ASDM) would sovlve the problem.

Kind regards

P-J Nefkens

acomiskey Thu, 11/13/2008 - 07:20

Or change the timeout to a non-default value.

crypto isakmp nat-traversal 21 (not default 20)


This Discussion