How to disable VPN tunnel

Hi community,

I just want to temporarily disable the VPN tunnel from ASDM or the CLI. Please let me know how I can do it.

4 Replies

If it is a site-to-site VPN, just change the pre-shared key. Before you do that, make a note of the pre-shared key, as you might need it to reinstate it.

more system:running-config

 

will show you the pre-shared key configured for this VPN.

Or you can set the NAT rule as inactive.

Or another way is to disable the crypto map rule:

crypto map outside_map 1 match address outside_cryptomap_6 <<<<<<----------
crypto map outside_map 1 set pfs group21
crypto map outside_map 1 set peer 8.8.8.8
crypto map outside_map 7 set ikev2 ipsec-proposal AES256/SHA384
crypto map outside_map 7 set security-association lifetime seconds 3600

please do not forget to rate.

In the CLI, only do:
no crypto map <map name> interface OUT <<-
Only do this, and when you want it again, remove the "no" from the command.

@MHM Cisco World 

 

crypto map outside_map 1 match address outside_cryptomap_123
crypto map outside_map 1 set pfs group20
crypto map outside_map 1 set peer 8.8.8.8
crypto map outside_map 1 set ikev2 ipsec-proposal AES256/SHA384
crypto map outside_map 1 set ikev2 pre-shared-key ab3$4did
crypto map outside_map interface outside

 

Using the command "no crypto map outside_map interface outside" will disable all the VPN tunnels. What if the OP only wants to disable one VPN tunnel? The command you mentioned will tear down all VPN tunnels (if more than one is configured on the ASA).

This command, "no crypto map outside_map interface outside", needs to be used with caution and under change control, as it will impact the business big time.

please do not forget to rate.

Yes, if he runs multiple seq then all will be disabled with the command mentioned before,
and if he needs to disable only one seq of the crypto map (only one VPN) he can, by only removing the match address and keeping the other config. This makes traffic never pass without encryption, i.e. it disables this VPN.
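
The scope difference discussed in this thread, as an added example that is not from any of the posters: a small Python check to run against a saved copy of the config before a change window, listing which peers are affected by unbinding the whole crypto map versus removing one sequence's match address. The sample config, peer addresses and function names are constructed for illustration, and the script assumes, as the last reply states, that a sequence without a match address carries no tunnel.

```python
import re
from collections import defaultdict

# Constructed sample config (not from a real device); peers are documentation addresses.
SAMPLE = """\
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set peer 192.0.2.10
crypto map outside_map 1 set ikev2 ipsec-proposal AES256
crypto map outside_map 2 match address outside_cryptomap_2
crypto map outside_map 2 set peer 198.51.100.20
crypto map outside_map 3 set peer 203.0.113.30
crypto map outside_map interface outside
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (\S+)")
BIND = re.compile(r"^crypto map (\S+) interface (\S+)")

def parse(config):
    """Return ({map: {seq: {'acl': ..., 'peer': ...}}}, {map: interface})."""
    maps, bindings = defaultdict(dict), {}
    for line in config.splitlines():
        line = line.strip()
        if m := ENTRY.match(line):
            name, seq, kind, value = m.groups()
            key = "acl" if kind == "match address" else "peer"
            maps[name].setdefault(int(seq), {})[key] = value
        elif m := BIND.match(line):
            bindings[m.group(1)] = m.group(2)
    return maps, bindings

def active_tunnels(config):
    """Sequences bound to an interface that have both a match address and a peer."""
    maps, bindings = parse(config)
    return {(name, seq): e["peer"] for name in bindings
            for seq, e in sorted(maps[name].items()) if "acl" in e and "peer" in e}

def impact_of_unbinding(config, map_name):
    """Peers that lose their tunnel if the whole map is removed from its interface."""
    return sorted(p for (n, _), p in active_tunnels(config).items() if n == map_name)

def impact_of_removing_acl(config, map_name, seq):
    """Peers affected if only one sequence loses its 'match address' line."""
    peer = active_tunnels(config).get((map_name, seq))
    return [peer] if peer else []

if __name__ == "__main__":
    print("unbind whole map:", impact_of_unbinding(SAMPLE, "outside_map"))
    print("remove seq 2 match address:", impact_of_removing_acl(SAMPLE, "outside_map", 2))
```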