Crypto Isakmp Nat-Traversal is Gone on Cisco ASA.
Well, today, we have a trouble on our Cisco ASA. We can log to Cisco ASA VPN Remote Access using the specific username and password but we can’t do anything such as ping , web access , remote desktop and soon. For your information, our cisco ASA is using Version 8.x.
Then we looked into our configuration via CLI. After checking the configuration, we found that there is a change in one of the commands. We noticed that command “Crypto isakmp nat-traversal” is gone and changed into “no crypto isakmp nat-traversal” . We were very confused why the command was being disabled. Then we opened ticket via cisco TAC and being asked whether we have rebooted the device or not before the trouble happened. We said the device was rebooted because of electricy failure.
The cisco customer support said that it is a bug for that version and suggest me to set the value to something other than default 20 (for example 21). After that, we change the default value to 21 and try to reboot the device. Suprisingly, the command is still in the configuration and we can access to the our internal network via VPN remote access.
PS: The command “crypto isakmp nat-traversal” is sometimes used to make the vpn remote access work behind the NAT translation .
