how to disable (not delete) a VPN tunnel

Unanswered Question
Sep 17th, 2007

Is there a way to disable a site-to-site VPN tunnel on an ASA 5510? I know I can delete the tunnel policies and rules, but I want to keep them in place and simply disable the tunnel temporarily.



bamnocadmin Mon, 09/17/2007 - 08:01


I would remove the NAT statement for interesting traffic, nat (inside) 0 access-list NoNAT.

I do not think there is an option to disable VPN.


Jon Marshall Mon, 09/17/2007 - 12:16

Hi Nick

The way I used to do it was simply to remove or change the pre-shared key, assuming you are using pre-shared keys.

If not, just edit the crypto map access-list.



mfreijser Tue, 09/18/2007 - 05:04

I always place the keyword 'inactive' behind the crypto map access-list. This way no traffic is matched for the tunnel, so no tunnel is created! You can just remove the keyword inactive by replacing the access-rule with the original rule.

Here's an example:

access-list vpntunnel extended permit ip inactive

Please rate if the post is useful!
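
An added example, not part of the original thread: a Python script that reads saved running-config text and reports which crypto map entries are currently disabled by the 'inactive' keyword on their access-list, so temporarily disabled tunnels are not forgotten. The sample configuration, its names and addresses are constructed, and tunnel_states is a hypothetical helper.

```python
import re
from collections import defaultdict

# Constructed sample config; ACL names, networks and peers are made up.
SAMPLE_CONFIG = """\
access-list vpntunnel extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0 inactive
access-list branch2 extended permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0
access-list branch3 extended permit ip 10.1.0.0 255.255.0.0 10.4.0.0 255.255.0.0 inactive
access-list branch3 extended permit ip 10.1.0.0 255.255.0.0 10.5.0.0 255.255.0.0
crypto map outside_map 10 match address vpntunnel
crypto map outside_map 10 set peer 192.0.2.10
crypto map outside_map 20 match address branch2
crypto map outside_map 20 set peer 192.0.2.20
crypto map outside_map 30 match address branch3
crypto map outside_map 30 set peer 192.0.2.30
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(.+)$")
MATCH_RE = re.compile(r"^crypto map\s+(\S+)\s+(\d+)\s+match address\s+(\S+)$")
PEER_RE = re.compile(r"^crypto map\s+(\S+)\s+(\d+)\s+set peer\s+(.+)$")

def tunnel_states(config):
    """Map (crypto map name, sequence) -> {'acl', 'peer', 'state'}."""
    permits = defaultdict(lambda: [0, 0])  # ACL -> [active permits, all permits]
    entries = defaultdict(dict)
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACE_RE.match(line):
            name, action, rest = m.groups()
            if action == "permit":  # only permit entries define tunnel traffic
                permits[name][1] += 1
                if rest.split()[-1] != "inactive":  # 'inactive' is the last keyword
                    permits[name][0] += 1
        elif m := MATCH_RE.match(line):
            entries[(m[1], int(m[2]))]["acl"] = m[3]
        elif m := PEER_RE.match(line):
            entries[(m[1], int(m[2]))]["peer"] = m[3]
    for entry in entries.values():
        active, total = permits.get(entry.get("acl"), (0, 0))
        if total == 0:
            entry["state"] = "no-acl"      # ACL missing or has no permit entries
        elif active == 0:
            entry["state"] = "disabled"    # every permit is inactive: no tunnel
        else:
            entry["state"] = "partial" if active < total else "active"
    return dict(entries)

if __name__ == "__main__":
    for (name, seq), e in sorted(tunnel_states(SAMPLE_CONFIG).items()):
        print(name, seq, e.get("peer"), e.get("acl"), e["state"])
```

A "partial" result means only some networks behind the tunnel are still matched, which is worth reviewing separately from a fully disabled entry.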



