I have a vpn-filter set on my L2L policy. The remote site uses a Cisco 1811 router and the main hub is a Cisco 5580. I already have a vpn-filter acl in place on an existing L2L connection that works fine. The only issue is, when I make changes to the acl to add/remove access, I have to reload the entire tunnel before the changes take place.
My question is, is there a command to reload the access control without dropping the tunnel?
By design, whenever any changes are made to the group-policy attributes (including vpn-filter, DNS, WINS IP or vpn-protocol, etc.), you have to reset the respective tunnel so that phase 2 renegotiates with the newly added policies. The command to clear a specific tunnel is:
clear crypto ipsec sa peer
For further details on the command, please refer to the link below.
So, to answer your query: no, there is no such command to reset the access control. Had there been any such command, you would still have to reset the tunnel to trigger the IPsec negotiations with the new group-policy parameters.
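The sequence the answer describes, written out on the ASA side as an added example (this is not configuration from the original thread or from either poster). All names and addresses are assumed for illustration: the peer 203.0.113.20 stands in for the 1811 at the remote site, 192.168.20.0/24 for the remote LAN, 192.168.10.0/24 for the hub LAN, and VPN_FILTER_SITEB / GP_SITEB are made-up ACL and group-policy names. The IKE pre-shared key and crypto map lines are omitted because their syntax depends on the ASA software version.

```text
! --- existing L2L configuration (assumed names/addresses) ---
! vpn-filter ACLs on the ASA are written from the REMOTE side's point of view:
! source = remote network, destination = local (hub) network.
access-list VPN_FILTER_SITEB extended permit tcp 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 eq 443
!
group-policy GP_SITEB internal
group-policy GP_SITEB attributes
 vpn-filter value VPN_FILTER_SITEB
!
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 general-attributes
 default-group-policy GP_SITEB

! --- later: grant the remote site SSH to one hub host ---
! Editing the ACL alone is not enough; the running SA still carries the old filter.
access-list VPN_FILTER_SITEB extended permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.25 eq 22

! --- apply: clear only this peer's phase 2 SA, leaving other L2L tunnels up ---
clear crypto ipsec sa peer 203.0.113.20

! --- verify: the tunnel comes back on the next interesting packet with the new policy ---
show crypto ipsec sa peer 203.0.113.20
show vpn-sessiondb l2l filter ipaddress 203.0.113.20
show access-list VPN_FILTER_SITEB
```

Two points worth checking when doing this in practice: the `clear` command takes the peer address, so a typo that omits it tears down every IPsec SA on the box, and the hit counters from `show access-list` are the quickest way to confirm that traffic is now matching the new ACE rather than being dropped by the implicit deny at the end of the filter.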