Temporary Disable RA VPN tunnel groups

Unanswered Question
Jan 21st, 2009

We have numerous RA tunnel groups for vendors that do not always need access.

I want to keep the RA tunnel intact and enable/disable as needed.

What I have been doing is removing the PSK from the RA tunnel config.

You get a prompt:

"Without a PSK or Trustpoint configured, no tunnel can be established.

Do you still want to continue?"

My question is, is this a safe way to disable the tunnel?

According to the prompt, unless I input the PSK, there will be no tunnel established, but I want to know for sure that this is safe to do.

I have tried to access with a VPN client and a blank group password and cannot connect, but I want to make sure there is not something I am missing.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

Assign a valid time range to the RA VPN.


time-range << some 3rd party>> 01 January 2009 end 23:59 31 January 2007

group-policy << some 3rd party>>

vpn-access-hours value << some 3rd party>>

Then the 3rd party can only log in during that time frame - when you don't want them to connect, just change the date/time.



This Discussion