Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
1
Replies

Temporary Disable RA VPN tunnel groups

wilson_1234_2
Level 3
Level 3

‎01-21-2009 09:14 AM - edited ‎03-11-2019 07:40 AM

We have numerous RA tunnel groups for vendors that do not always need access.

I want to keep the RA tunnel intact and enable/disable as needed.

What I have been doing is removing the PSK from the RA tunnel config.

You get a prompt:

"Without a PSK or Trustpoint configured, no tunnel can be established.

Do you still want to continue?"

My question is, is this a safe way to disable the tunnel?

According to the prompt, unless I input the PSK, there will be no tunnel established, but I want to know for sure that this is safe to do.

I have tried to access with a VPN client and a blank group password and cannot connect, but I want to make sure there is not something I am missing.

Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎01-21-2009 09:21 AM

Assign a valid time range to the RA VPN.

example:-

time-range << some 3rd party>> 01 January 2009 end 23:59 31 January 2007

group-policy << some 3rd party>>

vpn-access-hours value << some 3rd party>>

Then the 3rd party can only log in during that time frame - when you don't want them to connect, just change the date/time.

HTH>

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card