Temporary Disable IP Sec VPN

craig.corbett · ‎06-14-2012

Hi,

We have a site to site IPsec vpn as well as a LES circuit to the same destination. Some traffic will use the VPN and other the LES connection.

I need to temporarily kill the site to site VPN to do some testing and am looking at suggestions for the best way to do so.

I was thinking of changing the IKE peer then clear crypto ipsec sa peer. I'll then put the correct ipsec peer in to pring up the tunnel.

Any suggestions / comments appreciated.

Thanks

Craig.

nkarthikeyan · ‎06-14-2012

also you can do by removing the tunnel-group commands or removing the transform-set commands to achieve it... Pls try and let me know your results....

nkarthikeyan · ‎06-14-2012

also you can disable the interafce pointed for vpn traffic in vpn configurations. i.e.

no crypto map map-name interface interface-name

craig.corbett · ‎06-14-2012

Thanks - I should have mentioned that there are other IPSEC vpn’s that need to stay up.

nkarthikeyan · ‎06-14-2012

Okay... Then you can use the 1st option by removing the tunnel group commands.....

Marvin Rhoads · ‎06-14-2012

I like the

no crypto map map-name interface interface-name

...option best. The map-name should be unique per IPsec L2L VPN

RouteOps_gm · ‎08-01-2017

I know this is an old post but I would like to point out that this doesn't work - you can only have one crypto map on an interface, removing it will remove any other IPsec VPNs from that interface too.