Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1510
Views
0
Helpful
2
Replies

Temporarily Disable GetVPN

mhmservice
Level 1
Level 1

‎02-19-2019 12:51 AM - edited ‎02-21-2020 09:34 PM

Hi all

 

We are experiencing intermittent problems with a site and for troubleshooting purposes i'd like to temporarily disable GetVPN,

 

Currently the router has 1x interface with the crypto map enabled as such:

 

interface GigabitEthernet0/0
description *** TOWARDS WAN ***
ip address 172.16.100.2 255.255.255.0
duplex auto
speed auto

standby 0 ip 172.16.100.1

standby 0 priority 105
standby 0 preempt
standby 0 authentication XXXXXXXXXXXXXXXXXXXXX
crypto map getvpn

 

I executed the command on the interface "no crypto map getvpn" but the traffic to/from the site completely stops flowing

 

Can anyone assist with a better way to perform this task?

 

Thanks in advance

 

Labels:
0 Helpful
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎02-19-2019 01:13 AM

You need to remove crypto-map from both sides of the link. If you did that
then check if you have acls limiting communication to be between
crypto-peer-ips only and not allowing direct lan-to-lan flows. Check also
that routing is established
0 Helpful

Julio E. Moisa
VIP
VIP

‎02-19-2019 01:57 AM

Hi

Are you using authorization list on the KS device? try removing the peer from the ACL. As mentioned previously also chech the interested traffic ACLs. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents