
Clear VPN Tunnel phase1/phase2

jcw009
Level 1

Is it possible to clear individual tunnels without bringing them all down? I've seen the clear crypt ips sa & cl crypt isa sa, but that's global. Is there something that I can do to pinpoint individual tunnels to kill?

Thanks!

Accepted Solutions

hdashnau
Cisco Employee

If it's an ASA, you can also tear down specific tunnels using their index numbers.

To get the index number do "show vpn-sessiondb <(l2l,remote,svc,webvpn)>" command

To log it off do "vpn-sessiondb logoff index " command

-heather
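
As an added example (not part of the original post and not Cisco code): a small Python helper that picks the one session matching a peer address out of saved `show vpn-sessiondb l2l` output and builds the `vpn-sessiondb logoff index` command for it. The sample output and its field layout are constructed assumptions, and `parse_sessions` and `logoff_command` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample of `show vpn-sessiondb l2l` output (layout is an assumption,
# not captured from a real device).
SAMPLE = """\
Session Type: LAN-to-LAN

Connection   : 198.51.100.7
Index        : 12                     IP Addr      : 198.51.100.7
Protocol     : IKEv1 IPsec
Encryption   : AES256                 Hashing      : SHA1

Connection   : 203.0.113.20
Index        : 31                     IP Addr      : 203.0.113.20
Protocol     : IKEv1 IPsec
Encryption   : AES256                 Hashing      : SHA1
"""

FIELD = re.compile(r"(Connection|Index|IP Addr)\s*:\s*(\S+)")

def parse_sessions(text):
    """Return one dict per session with its Connection, Index and IP Addr fields."""
    sessions = []
    for line in text.splitlines():
        for key, value in FIELD.findall(line):
            if key == "Connection":      # a Connection line starts a new record
                sessions.append({})
            if sessions:
                sessions[-1][key] = value
    return sessions

def logoff_command(text, peer):
    """Build the logoff command for exactly one tunnel, selected by peer address."""
    peer_ip = ipaddress.ip_address(peer)  # ValueError on a malformed address
    hits = []
    for s in parse_sessions(text):
        try:
            same_peer = ipaddress.ip_address(s.get("IP Addr", "")) == peer_ip
        except ValueError:
            continue                      # skip records without a usable address
        if same_peer and s.get("Index", "").isdigit():
            hits.append(s["Index"])
    if len(hits) != 1:                    # none or several: refuse rather than guess
        raise LookupError(f"{len(hits)} sessions match {peer}")
    return f"vpn-sessiondb logoff index {hits[0]}"

if __name__ == "__main__":
    print(logoff_command(SAMPLE, "203.0.113.20"))
```

Refusing when zero or several sessions match keeps the helper from logging off the wrong tunnel when the saved output is stale or a peer has more than one session.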

anthony.baker
Level 1

Hi mate,

You can do it by peer using:

clear crypto ipsec sa peer

Hope that helps!

Anthony

That's phase 2, how about phase 1?

I'm not aware of a command that will let you specify for just phase 1 of a peer.

clear crypto session remote will reset phase 1 and 2 though
