Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1311
Views
0
Helpful
6
Replies

Temporary Disable IP Sec VPN

craig.corbett
Level 2
Level 2

‎06-14-2012 08:33 AM - edited ‎03-11-2019 04:19 PM

Hi,

We have a site to site IPsec vpn as well as a LES circuit to the same destination. Some traffic will use the VPN and other the LES connection.

I need to temporarily kill the site to site VPN to do some testing and am looking at suggestions for the best way to do so.

I was thinking of changing the IKE peer then clear crypto ipsec sa peer. I'll then put the correct ipsec peer in to pring up the tunnel.

Any suggestions / comments appreciated.

Thanks

Craig.

Labels:
0 Helpful
6 Replies 6

nkarthikeyan
Level 7
Level 7

‎06-14-2012 09:49 AM

also you can do by removing the tunnel-group commands or removing the transform-set commands to achieve it... Pls try and let me know your results....

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to nkarthikeyan

‎06-14-2012 09:53 AM

also you can disable the interafce pointed for vpn traffic in vpn configurations. i.e.

no crypto map map-name interface interface-name

0 Helpful

craig.corbett
Level 2
Level 2
In response to nkarthikeyan

‎06-14-2012 10:24 AM

Thanks - I should have mentioned that there are other IPSEC vpn’s that need to stay up.

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to craig.corbett

‎06-14-2012 11:03 AM

Okay... Then you can use the 1st option by removing the tunnel group commands.....

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to craig.corbett

‎06-14-2012 12:04 PM

I like the

     no crypto map map-name interface interface-name

...option best. The map-name should be unique per IPsec L2L VPN

0 Helpful

George Mason
Level 1
Level 1
In response to Marvin Rhoads

‎08-01-2017 08:46 AM

I know this is an old post but I would like to point out that this doesn't work - you can only have one crypto map on an interface, removing it will remove any other IPsec VPNs from that interface too.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card