11-13-2008 02:40 AM - edited 02-21-2020 03:06 AM
Our ASA 5510 has sw ver 8.0(2) and DM ver 6.0(2). Through ASDM on the menu Configuration>Site-to-site VPN>Advanced>IKE parameters under NAT transparency we checked "Enable IPSec over NAT-T" and wrote config to startup and also we did it manually. After power failure and start ASA 5510 lost this part from config file. So we have to put command "crypto isakmp nat-traversal" manually. Because through ASDM it hasn't effect. It's happened two times.
Any idea?
11-13-2008 06:34 AM
Hello,
There are two bugs that could be related to it. If you have access to the bug toolkit, check CSCsj52581 and CSCsq65580.
I think it is the first bug, so an upgrade to ASA 8.0.4 (which I would recommend anyhow if you use the ASDM) would sovlve the problem.
Kind regards
P-J Nefkens
11-13-2008 07:20 AM
Or change the timeout to a non-default value.
crypto isakmp nat-traversal 21 (not default 20)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: