ASA 8.0(2) – disappearing ISAKMP nat-traversal

Version 8.0(2) contains a bug that involves an inconsistent interpretation of what the default command is for “crypto isakmp nat-traversal 20”. Whilst running, the device appears to have this command on by default but on boot the command is negated by default. The effect of this is nat-traversal is disabled every time you reboot the ASA.

Workaround?

Use a non-default keep-alive interval. I used “crypto isakmp nat-traversal 30” and the command now persists through a reboot.

Note: This issue appears to be fixed in 8.0(3) bug ID CSCsj5258.

Advertisements

3 thoughts on “ASA 8.0(2) – disappearing ISAKMP nat-traversal

  1. the bug ID is CSCsj52581. You forgot the 1 at the end. I am running ASA 8.0(3) but the problem exists. I want to thank you for providing the solution.

  2. Hi, thank you for providing this, the problem still persists in 8.0.(4) aswell, thought I was going a bit mad till I found this, thanks again

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s