Version 8.0(2) contains a bug that involves an inconsistent interpretation of what the default command is for “crypto isakmp nat-traversal 20”. Whilst running, the device appears to have this command on by default but on boot the command is negated by default. The effect of this is nat-traversal is disabled every time you reboot the ASA.
Workaround?
Use a non-default keep-alive interval. I used “crypto isakmp nat-traversal 30” and the command now persists through a reboot.
Note: This issue appears to be fixed in 8.0(3) bug ID CSCsj5258.
the bug ID is CSCsj52581. You forgot the 1 at the end. I am running ASA 8.0(3) but the problem exists. I want to thank you for providing the solution.
Hi, thank you for providing this, the problem still persists in 8.0.(4) aswell, thought I was going a bit mad till I found this, thanks again
Now why didn’t I figure this out!!! Excellent tip!!!