ā08-30-2016 11:00 AM - edited ā03-12-2019 01:12 AM
Hello All:
I have only limited ASDM access to a firewall that is managed by a 3rd party. I need to be able to temporarily "turn off" a VPN tunnel. I do not want to remove pertinent info re:the tunnel (such as the PSK); I just need to disable the tunnel for a short time & must be able to re-enable it quickly. We are migrating to another ASA & we just need to get someone from the remote end to contact us so we can schedule the migration to the new ASA.
I Googled this & thought I found the answer here - https://www.experts-exchange.com/questions/26933100/ASA-5505-Enable-disable-VPN-in-ASDM.html, but I do NOT have an IPsec Protocol checkbox in the comment made by Ernie Beek - all the tunnels are using the same Group Policy & I received the following when trying to uncheck IKEv1 Enabled (in Connection Profiles):
"Enabled" is an attribute of group policy. The same group policy, "" is being used by the following connection profiles........
Sounds like I DO NOT want to do that.
Would someone please either advise whether it'd be better to change (after noting) the IPsec Proposal in the Basic properties of the tunnel or if changing the remote network (after noting) would be better suited. I have to make sure the tunnel can be re-enabled easily and that the PSK is not lost.
I'm using ASDM version 7.6(1) to accomplish this.
Thanks for any advice.
Solved! Go to Solution.
ā08-31-2016 12:55 AM
Disable the "interesting acl" defined in the crypto map for the VPN - this will not allow the VPN to form
ā08-31-2016 12:55 AM
Disable the "interesting acl" defined in the crypto map for the VPN - this will not allow the VPN to form
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide