Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1001
Views
0
Helpful
3
Replies

How best to disable GETVPN

ktwaddell
Level 1
Level 1

‎05-18-2018 03:36 AM - edited ‎03-12-2019 05:18 AM

Hi,

 

Been a long time since I've posted on here, but new to GETVPN, been asked to diabled fully without any down time, so looks like all GM have a open fail policy and no local ACLs.

 

what would you good people suggest as good way to allow traffic just to pass over the MPLS as normal not use the GETVPN?

 

Thanks in advance

Kevin

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎05-18-2018 06:15 AM

Hi,
I'm not sure it's possible to do without an interruption to service. Ultimately you'll need to disable encryption on all of the interfaces.

E.g
interface GigabitEthernet 0/0
no crypto map GET_MAP
0 Helpful

ktwaddell
Level 1
Level 1
In response to Rob Ingram

‎05-18-2018 06:24 AM

Hi,

 

Currently my options are

1) Deny ip any any on KS gdoi ACL (wait a week to see if any fallout, then safety remove config on GMs)

 

2) Remove all GM peer IP addresses on KSs

 

3)on GMs remove VPN map command from interfaces as you suggested.

 

Thanks

Kev 

 

0 Helpful

Adam Hinchliff
Level 1
Level 1

‎01-10-2021 05:20 PM

Did you ever make progress with this? 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents