06-14-2012 08:33 AM - edited 03-11-2019 04:19 PM
Hi,
We have a site-to-site IPsec VPN as well as a LES circuit to the same destination. Some traffic will use the VPN and other traffic the LES connection.
I need to temporarily kill the site-to-site VPN to do some testing and am looking for suggestions for the best way to do so.
I was thinking of changing the IKE peer then clear crypto ipsec sa peer. I'll then put the correct IPsec peer in to bring up the tunnel.
Any suggestions / comments appreciated.
Thanks
Craig.
06-14-2012 09:49 AM
Also, you can do it by removing the tunnel-group commands or removing the transform-set commands to achieve it... Please try and let me know your results....
06-14-2012 09:53 AM
Also, you can disable the interface pointed to for VPN traffic in the VPN configuration, i.e.
no crypto map map-name interface interface-name
06-14-2012 10:24 AM
Thanks - I should have mentioned that there are other IPsec VPNs that need to stay up.
06-14-2012 11:03 AM
Okay... Then you can use the 1st option by removing the tunnel group commands.....
06-14-2012 12:04 PM
I like the
no crypto map map-name interface interface-name
...option best. The map-name should be unique per IPsec L2L VPN.
08-01-2017 08:46 AM
I know this is an old post but I would like to point out that this doesn't work - you can only have one crypto map on an interface, removing it will remove any other IPsec VPNs from that interface too.