ASA 8.2 vpn-filter for l2l connections

Answered Question
May 11th, 2010

I have a vpn-filter set on my L2L policy. The remote site uses a Cisco 1811 router and the main hub is a Cisco 5580. I already have a vpn-filter acl in place on an existing L2L connection that works fine. The only issue is, when I make changes to the acl to add/remove access, I have to reload the entire tunnel before the changes take place.

My question is, is there a command to reload the access control without dropping the tunnel?

Correct Answer by mopaul, Tue, 05/11/2010 - 09:39

Hi Jeffrey,

By design, whenever any changes are made in the group-policy attributes (including vpn-filter, DNS/WINS IP, vpn-protocol, etc.), you have to reset the respective tunnel so that phase 2 negotiates with the newly added policies. The command to clear a specific tunnel is:

clear crypto ipsec sa peer

For further details on the command, please refer to the link below:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c3.html#wp2133652

So, to answer your query: no, there is no such command to reset access control. Had there been any such command, you would still have to reset the tunnel to trigger the IPsec negotiations with the new group-policy parameters.

HTH...

Regards
Mohit
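As an added illustration, not part of the thread or of either poster's configuration: how a vpn-filter is tied to an L2L tunnel on an ASA running 8.2 and the per-peer clear the answer refers to. The peer address, networks, ACL and policy names and the pre-shared key are constructed placeholders.

```text
! Constructed example (not from the thread). 203.0.113.10 is the spoke
! peer, 10.20.0.0/24 the spoke LAN, 10.10.0.0/24 the hub LAN.
!
! vpn-filter ACLs are written from the REMOTE side's perspective:
! source = remote (spoke) network, destination = local (hub) network.
! The ASA applies the filter to both directions of the tunnel.
access-list L2L-SPOKE-FILTER extended permit tcp 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0 eq 443
access-list L2L-SPOKE-FILTER extended permit icmp 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0
! Anything not matched above is implicitly denied inside the tunnel.

group-policy L2L-SPOKE-GP internal
group-policy L2L-SPOKE-GP attributes
 vpn-filter value L2L-SPOKE-FILTER
 vpn-tunnel-protocol IPSec

tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy L2L-SPOKE-GP
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key EXAMPLE-PSK-PLACEHOLDER

! After editing L2L-SPOKE-FILTER, the running tunnel still uses the
! old policy. Clear only this peer's IPsec SAs so other L2L tunnels
! on the hub stay up; the next interesting packet re-triggers phase 2
! and the new group-policy (and filter) is applied.
clear crypto ipsec sa peer 203.0.113.10

! Confirm the SA came back and the filter is attached to the peer.
show crypto ipsec sa peer 203.0.113.10
show vpn-sessiondb detail l2l filter ipaddress 203.0.113.10
```

Clearing only the peer's SAs limits the outage to that one tunnel, which is why the per-peer form is preferable to a bare `clear crypto ipsec sa` on a hub carrying many spokes.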
