How to Delete or undo VPN with these settings

cciardo
Level 1

Could someone help me with commands to delete all these things that were added for a site-to-site VPN?
Here is the new tunnel added.
=============================================================

object-group network Limestone-StatRad
network-object host 110.199.0.13

access-list AccessList_Limestone-StatRad line 1 extended permit ip object GlobalClusterForVPN object-group Limestone-StatRad
group-policy GroupPolicy_Limestone-StatRad internal
group-policy GroupPolicy_Limestone-StatRad attributes
vpn-tunnel-protocol ikev1

tunnel-group 215.37.70.66 type ipsec-l2l
tunnel-group 215.37.70.66 general-attributes
default-group-policy GroupPolicy_Limestone-StatRad
tunnel-group 215.37.70.66 ipsec-attributes
ikev1 pre-shared-key xxxxxxx
isakmp keepalive threshold 10 retry 2
crypto map gateway_map 29 set peer 215.37.70.66
crypto map gateway_map 29 match address AccessList_Limestone-StatRad
crypto map gateway_map 29 set ikev1 transform-set ESP-AES-256-SHA

access-list Filter_Limestone-StatRad line 1 extended permit icmp any any
access-list Filter_Limestone-StatRad line 2 extended permit object-group RWsOutboundVPNallowedPorts object-group Limestone-StatRad object GlobalClusterForVPN
access-list Filter_Limestone-StatRad line 3 extended permit object-group RWsInboundVPNallowedPorts object-group Limestone-StatRad object GlobalClusterForVPN
access-list Filter_Limestone-StatRad line 4 extended deny ip object-group Limestone-StatRad any
group-policy GroupPolicy_Limestone-StatRad attributes
vpn-filter value Filter_Limestone-StatRad
exit

nat (any,inside2) source static Limestone-StatRad Limestone-StatRad destination static GlobalClusterForVPN GlobalKempCluster no-proxy-arp
nat (inside2,any) source dynamic GlobalClusterNodesPrivate GlobalClusterForVPN destination static Limestone-StatRad Limestone-StatRad
=====================================

Accepted Solutions

Hi cciardo,

In order to delete this object-group:

object-group network Limestone-StatRad
network-object host 10.199.0.13

you have to put no in front:

no object-group network Limestone-StatRad

The clear configuration object-group network command does work as a global command; if you specify the name at the end, it will throw an error like the one shown earlier in your config.

Please do not forget to rate.

3 Replies

Michael ONeil
Level 1

This should do it. Be sure to enter one line at a time and look for warnings or errors.

You have to remove the ACL, then the objects it uses.

clear configure access-list AccessList_Limestone-StatRad

clear configure object-group network Limestone-StatRad

clear configure group-policy GroupPolicy_Limestone-StatRad

clear configure tunnel-group 215.37.70.66

clear configure crypto map gateway_map 29

Might not need this below, as it should be removed with the above command, as it's part of the crypto map.

clear configure access-list Filter_Limestone-StatRad

no nat (any,inside2) source static Limestone-StatRad Limestone-StatRad destination static GlobalClusterForVPN GlobalKempCluster no-proxy-arp
no nat (inside2,any) source dynamic GlobalClusterNodesPrivate GlobalClusterForVPN destination static Limestone-StatRad Limestone-StatRad

I want to thank you first!

I have this when I try to clear the object-group. What gives there?
The marker is on the "L", like it doesn't know the name??


ciscophx(config)# clear configure object-group network Limestone-StatRad
                                                                                      ^
ERROR: % Invalid input detected at '^' marker.

I look for object-group and see it:

ciscophx(config)# show run object-group
object-group service RWsOutboundVPNallowedPorts
service-object tcp destination eq www
service-object tcp destination eq https
object-group service RWsInboundVPNallowedPorts
service-object tcp destination eq 3200
object-group network Limestone-StatRad
network-object host 10.199.0.13
object-group network TEST_REMOTE_NETWORK
network-object 192.168.22.0 255.255.255.0
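
Added example, not written by any poster in this thread and not Cisco code: a Python sketch that reads a saved `show running-config` excerpt and lists the tunnel's configuration items so that each one comes before the items it references, which is the ordering the reply above describes (the ACL first, then the objects it uses). The name `removal_order`, the `HEADER` pattern and the indented sample are assumptions made for illustration; only the command types quoted in this thread are recognised, and sub-commands must be indented as `show running-config` prints them.

```python
import re
from graphlib import TopologicalSorter

# Constructed sample: a trimmed copy of the configuration posted in this thread.
SAMPLE = """\
object-group network Limestone-StatRad
 network-object host 10.199.0.13
access-list AccessList_Limestone-StatRad extended permit ip object GlobalClusterForVPN object-group Limestone-StatRad
access-list Filter_Limestone-StatRad extended deny ip object-group Limestone-StatRad any
group-policy GroupPolicy_Limestone-StatRad internal
group-policy GroupPolicy_Limestone-StatRad attributes
 vpn-filter value Filter_Limestone-StatRad
tunnel-group 215.37.70.66 type ipsec-l2l
tunnel-group 215.37.70.66 general-attributes
 default-group-policy GroupPolicy_Limestone-StatRad
crypto map gateway_map 29 match address AccessList_Limestone-StatRad
nat (any,inside2) source static Limestone-StatRad Limestone-StatRad destination static GlobalClusterForVPN GlobalKempCluster no-proxy-arp
"""

# Assumption: only the command types seen in this thread are recognised.
HEADER = re.compile(r"^(object-group \S+|access-list|group-policy|tunnel-group|crypto map|nat) (\S+(?: \d+)?)")
NAMED = ("object-group", "access-list", "group-policy")  # kinds that other lines refer to by name


def removal_order(config):
    """Return config items ordered so each comes before the items it references."""
    tokens, current = {}, None  # item -> words that appear on its lines
    for line in config.splitlines():
        if line[:1].strip():  # non-indented, non-empty: a top-level command
            m = HEADER.match(line)
            if not m:
                current = None
                continue
            current = line if m[1] == "nat" else f"{m[1]} {m[2]}"
            line = line[m.end():]
        if current:  # indented lines are attributed to the item above them
            tokens.setdefault(current, set()).update(line.split())
    by_name = {item.split()[-1]: item for item in tokens if item.startswith(NAMED)}
    graph = TopologicalSorter()
    for item, words in tokens.items():
        graph.add(item)
        for word in words & by_name.keys():
            if by_name[word] != item:
                graph.add(by_name[word], item)  # the referencing item must go first
    return list(graph.static_order())


if __name__ == "__main__":
    print("\n".join(removal_order(SAMPLE)))
```

The output is an ordering of item names only; it does not generate ASA commands, so the removal syntax for each item still comes from the replies in this thread.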
