Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Clear VPN Tunnel phase1/phase2

Is it possible to clear individual tunnels without bringing them all down? I've seen the clear crypt ips sa & cl crypt isa sa, but that's global. Is there something that I can do to pinpoint individual tunnels to kill?

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Clear VPN Tunnel phase1/phase2

If its an ASA, you can also teardown specific tunnels using their index numbers.

To get the index number do "show vpn-sessiondb <(l2l,remote,svc,webvpn)>" command

To log it off do "vpn-sessiondb logoff index " command

-heather

4 REPLIES
Cisco Employee

Re: Clear VPN Tunnel phase1/phase2

If its an ASA, you can also teardown specific tunnels using their index numbers.

To get the index number do "show vpn-sessiondb <(l2l,remote,svc,webvpn)>" command

To log it off do "vpn-sessiondb logoff index " command

-heather

New Member

Re: Clear VPN Tunnel phase1/phase2

Hi mate,

You can do it by peer using:

clear crypto ipsec sa peer

Hope that helps!

Anthony

New Member

Re: Clear VPN Tunnel phase1/phase2

Thats phase2, how about phase1?

New Member

Re: Clear VPN Tunnel phase1/phase2

I'm not aware of a command that will let you specify for just phase 1 of a peer.

clear crypto session remote will reset phase 1 and 2 though

2610
Views
0
Helpful
4
Replies
CreatePlease to create content