We have numerous RA tunnel groups for vendors that do not always need access.
I want to keep the RA tunnel intact and enable/disable as needed.
What I have been doing is removing the PSK from the RA tunnel config.
You get a prompt:
"Without a PSK or Trustpoint configured, no tunnel can be established.
Do you still want to continue?"
My question is, is this a safe way to disable the tunnel?
According to the prompt, unless I input the PSK, there will be no tunnel established, but I want to know for sure that this is safe to do.
I have tried to access with a VPN client and a blank group password and cannot connect, but I want to make sure there is not something I am missing.