ASA 8.0(2) – disappearing ISAKMP nat-traversal

Version 8.0(2) contains a bug that involves an inconsistent interpretation of what the default command is for “crypto isakmp nat-traversal 20”. Whilst running, the device appears to have this command on by default but on boot the command is negated by default. The effect of this is nat-traversal is disabled every time you reboot the ASA.


Use a non-default keep-alive interval. I used “crypto isakmp nat-traversal 30” and the command now persists through a reboot.

Note: This issue appears to be fixed in 8.0(3) bug ID CSCsj5258.

3 thoughts on “ASA 8.0(2) – disappearing ISAKMP nat-traversal

  1. the bug ID is CSCsj52581. You forgot the 1 at the end. I am running ASA 8.0(3) but the problem exists. I want to thank you for providing the solution.

  2. Hi, thank you for providing this, the problem still persists in 8.0.(4) aswell, thought I was going a bit mad till I found this, thanks again

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s