08-22-2011 07:53 PM - edited 02-21-2020 05:32 PM
Hi Guys,
Anyone knows a way to termporarily disable a particular IPSec tunnel on a Cisco router provided:
- No change of configuration
- Not affecting other running IPSec tunnels
- GRE is not being used, so there is no tunnel interface to shut down
Or any closest way to meet the above requirement?
Thanks,
Andrew
Solved! Go to Solution.
08-22-2011 08:45 PM
Andrew,
There is no way to "disable" the tunnel without modifying the config.
I think the easiest way would be to get in the crypto map for that particular tunnel and remove either the peer or the ACL:
e.g.:
crypto map labmap 10 ipsec-isakmp
no set peer 10.0.0.1
crypto map labmap 10 ipsec-isakmp
no match address 100
or you can remove the isakmp key for that tunnel, that would do it to, e.g.:
no crypto isakmp key cisco123 address 10.0.0.1
That would prevent the tunnel from coming up without affecting other tunnels.
I hope this helps.
Raga
08-22-2011 08:45 PM
Andrew,
There is no way to "disable" the tunnel without modifying the config.
I think the easiest way would be to get in the crypto map for that particular tunnel and remove either the peer or the ACL:
e.g.:
crypto map labmap 10 ipsec-isakmp
no set peer 10.0.0.1
crypto map labmap 10 ipsec-isakmp
no match address 100
or you can remove the isakmp key for that tunnel, that would do it to, e.g.:
no crypto isakmp key cisco123 address 10.0.0.1
That would prevent the tunnel from coming up without affecting other tunnels.
I hope this helps.
Raga
08-23-2011 10:30 PM
Thanks, Raga.
Andrew
08-24-2011 07:50 AM
Sure, anytime
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide