how to disable (not delete) a VPN tunnel
09-17-2007 07:33 AM - edited 02-21-2020 03:16 PM
Is there a way to disable a site-to-site VPN tunnel on an ASA 5510? I know I can delete the tunnel policies and rules, but I want to keep them in place and simply disable the tunnel temporarily.
Thanks,
Nick
Labels: Other VPN Topics
09-17-2007 08:01 AM
Hello,
I would remove the NAT statement for interesting traffic: nat (inside) 0 access-list NoNAT
I do not think there is an option to disable VPN.
Thanks.
09-17-2007 12:16 PM
Hi Nick
The way I used to do it was simply to remove or change the pre-shared key, assuming you are using pre-shared keys.
If not, just edit the crypto map access-list.
HTH
Jon
09-18-2007 05:04 AM
I always place the keyword 'inactive' behind the crypto map access-list. This way no traffic is matched for the tunnel, so no tunnel is created! You can just remove the keyword inactive by replacing the access-rule with the original rule.
Here's an example:
access-list vpntunnel extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 inactive
Please rate if the post is useful!
Regards,
Michael
11-25-2023 08:00 AM
I personally used two ways to do that.
1: I followed the solution mfreijser mentioned above.
Place the keyword 'inactive' behind the crypto map access-list.
Here's an example:
access-list vpntunnel extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 inactive
2: But it still keeps Phase 1 of the tunnel up, so I remove the peer IP and save it in Notepad somewhere safe, and later when you want to bring this tunnel up again you can use it.
Here's an example:
no crypto map youmap 100 set peer 200.111.155.138
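
Added example, not part of any post in this thread: tunnels parked with the methods above are easy to forget, so this Python sketch scans a saved running-config for crypto map entries whose match ACL has every entry marked inactive or that have no peer set. The sample config is constructed (the vpntunnel ACL line and the map name youmap echo the thread; the other ACL names and the 192.0.2.x peers are made up), and the function name audit_tunnels is hypothetical.

```python
from collections import defaultdict

# Constructed sample in "show running-config" form; not taken from a real device.
SAMPLE_CONFIG = """\
access-list vpntunnel extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 inactive
access-list branch extended permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list orphan extended permit ip 192.168.1.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto map youmap 100 match address vpntunnel
crypto map youmap 100 set peer 192.0.2.10
crypto map youmap 110 match address branch
crypto map youmap 110 set peer 192.0.2.20
crypto map youmap 120 match address orphan
"""

def audit_tunnels(config):
    """Return {(map_name, seq): [reasons the entry looks parked]}; [] means active."""
    ace_active = defaultdict(list)  # ACL name -> one bool per ACE (True = active)
    entries = {}                    # (map, seq) -> {"acl": name or None, "peers": [...]}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) > 3 and tok[0] == "access-list" and tok[2] == "extended":
            # Assumption: a disabled ACE ends with the keyword "inactive".
            ace_active[tok[1]].append(tok[-1] != "inactive")
        elif len(tok) > 6 and tok[:2] == ["crypto", "map"] and tok[3].isdigit():
            entry = entries.setdefault((tok[2], int(tok[3])), {"acl": None, "peers": []})
            if tok[4:6] == ["match", "address"]:
                entry["acl"] = tok[6]
            elif tok[4:6] == ["set", "peer"]:
                entry["peers"].extend(tok[6:])
    report = {}
    for key in sorted(entries):
        entry, reasons = entries[key], []
        flags = ace_active.get(entry["acl"], [])
        if flags and not any(flags):
            reasons.append("all crypto ACL entries inactive")
        if not entry["peers"]:
            reasons.append("no peer set")
        report[key] = reasons
    return report

if __name__ == "__main__":
    for (name, seq), reasons in audit_tunnels(SAMPLE_CONFIG).items():
        print(name, seq, "; ".join(reasons) or "active")
```

Entries that come back with a reason are candidates to either restore or remove once the temporary change is no longer needed.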
