no crypto isakmp nat-traversal 20 even after rebooting

Solution to CSCsj5258 bug

no crypto isakmp nat-traversal 20 command still exists in running configuration of CISCO ASA, even after rebooting. I faced this issue after I ran following commands in my CISCO ASA.

(config)# crypto isakmp nat-traversal

(config)# copy start run

(config)# reload

After reloading ASA, I found that “no crypto isakmp nat-traversal 20”  in running config, even though it is not in start up config. Actually, this is a bug in CISCO ASA 8.0(2) version. CISCO claims that this issue is resolved in 8.0(3) version. But there is a work around for this, execute crypto isakmp nat-traversal 21 command and choose non-default keep-alive interval.

Leave a Reply