Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA loses NAT-T Config for Remote Access

Hi,

i have a problem with an ASA 5505.

I have configured NAT-T for the remote access via IPSec and the cisco vpn client.

My ASA loses this config option once a day.

I configure NAT-T with a lifetime of 30 seconds, apply and save to flash.

The next day, there is no NAT-T configured anymore.

I suspect this happens when the ASA is re-establishing the internet connection.

Does anybody have a hint how to make this config option stay permanent?

Thanks in advance and best regards.

8 REPLIES
Green

Re: ASA loses NAT-T Config for Remote Access

There was a bug that would remove the nat-traversal command when the ASA was rebooted. The workaround was to assign a non-default lifetime value. For example...

crypto isakmp nat-traversal 21

If you've set it to 30, you've already done the workaround. Was version of ASA?

New Member

Re: ASA loses NAT-T Config for Remote Access

Its an ASA 5505 with version 8.0(2)

Green
New Member

Re: ASA loses NAT-T Config for Remote Access

I also recogniced i have to choose a value different from he default, thats why i chose 30.

The ASA is not rebooting (at least the uptime says that).

I am also monitoring this device with Nagios from an external server in the internet, it does not seem the device is rebooting (or it would be rebooting very fast).

I suggest it happens when the internet connection is re-established but i am not sure about hat.

Funny thing is, i have other ASAs running with version 8.0(2) which does not have this problem.

We also already replaced it with a new one, reconfigured it, but the behaviour is always the same.

New Member

Re: ASA loses NAT-T Config for Remote Access

Can anybody tell me if this is a known bug or am i just not able to configure an ASA correctly?

Gold

Re: ASA loses NAT-T Config for Remote Access

have you tried upgrading to 8.0(3)

New Member

Re: ASA loses NAT-T Config for Remote Access

Seems to me 8.0(3) is only accessible to users with a support contract.

As i do not have one, is there any chance for me to get 8.0(3)?

New Member

Re: ASA loses NAT-T Config for Remote Access

I am having this issue on 8.0(3). The weird thing is, only my Vista users cannot connect via VPN if Nat-T is not configured.

279
Views
0
Helpful
8
Replies