Temporary Disable IP Sec VPN
06-14-2012 08:33 AM - edited 03-11-2019 04:19 PM
Hi,
We have a site to site IPsec vpn as well as a LES circuit to the same destination. Some traffic will use the VPN and other the LES connection.
I need to temporarily kill the site to site VPN to do some testing and am looking at suggestions for the best way to do so.
I was thinking of changing the IKE peer, then clear crypto ipsec sa peer. I'll then put the correct IPsec peer in to bring up the tunnel.
Any suggestions / comments appreciated.
Thanks
Craig.
06-14-2012 09:49 AM
Also, you can do it by removing the tunnel-group commands or removing the transform-set commands... Please try and let me know your results.
06-14-2012 09:53 AM
Also, you can disable the interface pointed to for VPN traffic in the VPN configuration, i.e.
no crypto map map-name interface interface-name
06-14-2012 10:24 AM
Thanks - I should have mentioned that there are other IPsec VPNs that need to stay up.
06-14-2012 11:03 AM
Okay... Then you can use the 1st option by removing the tunnel group commands.....
06-14-2012 12:04 PM
I like the
no crypto map map-name interface interface-name
...option best. The map-name should be unique per IPsec L2L VPN
08-01-2017 08:46 AM
I know this is an old post but I would like to point out that this doesn't work - you can only have one crypto map on an interface, removing it will remove any other IPsec VPNs from that interface too.
