i personally used two ways to do that.1: i followed mfreijser mentioned above solution.place the keyword 'inactive' behind the crypto map access-list.Here's an example:access-list vpntunnel extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.25...