ASA 5510 nat-traversal problem

Unanswered Question
Nov 13th, 2008
User Badges:

Our ASA 5510 has sw ver 8.0(2) and DM ver 6.0(2). Through ASDM on the menu Configuration>Site-to-site VPN>Advanced>IKE parameters under NAT transparency we checked "Enable IPSec over NAT-T" and wrote config to startup and also we did it manually. After power failure and start ASA 5510 lost this part from config file. So we have to put command "crypto isakmp nat-traversal" manually. Because through ASDM it hasn't effect. It's happened two times.

Any idea?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nefkensp Thu, 11/13/2008 - 06:34
User Badges:


There are two bugs that could be related to it. If you have access to the bug toolkit, check CSCsj52581 and CSCsq65580.

I think it is the first bug, so an upgrade to ASA 8.0.4 (which I would recommend anyhow if you use the ASDM) would sovlve the problem.

Kind regards

P-J Nefkens

acomiskey Thu, 11/13/2008 - 07:20
User Badges:
  • Green, 3000 points or more

Or change the timeout to a non-default value.

crypto isakmp nat-traversal 21 (not default 20)


This Discussion