Solved: How to disable a particular IPSec tunnel on Cisco router

andrew_ho · ‎08-22-2011

Hi Guys,

Anyone knows a way to termporarily disable a particular IPSec tunnel on a Cisco router provided:

- No change of configuration

- Not affecting other running IPSec tunnels

- GRE is not being used, so there is no tunnel interface to shut down

Or any closest way to meet the above requirement?

Thanks,

Andrew

raga.fusionet · ‎08-22-2011

Andrew,

There is no way to "disable" the tunnel without modifying the config.

I think the easiest way would be to get in the crypto map for that particular tunnel and remove either the peer or the ACL:

e.g.:

crypto map labmap 10 ipsec-isakmp

no set peer 10.0.0.1

crypto map labmap 10 ipsec-isakmp

no match address 100

or you can remove the isakmp key for that tunnel, that would do it to, e.g.:

no crypto isakmp key cisco123 address 10.0.0.1

That would prevent the tunnel from coming up without affecting other tunnels.

I hope this helps.

Raga

raga.fusionet · ‎08-22-2011

Andrew,

There is no way to "disable" the tunnel without modifying the config.

I think the easiest way would be to get in the crypto map for that particular tunnel and remove either the peer or the ACL:

e.g.:

crypto map labmap 10 ipsec-isakmp

no set peer 10.0.0.1

crypto map labmap 10 ipsec-isakmp

no match address 100

or you can remove the isakmp key for that tunnel, that would do it to, e.g.:

no crypto isakmp key cisco123 address 10.0.0.1

That would prevent the tunnel from coming up without affecting other tunnels.

I hope this helps.

Raga

andrew_ho · ‎08-23-2011

Thanks, Raga.

Andrew

raga.fusionet · ‎08-24-2011

Sure, anytime