Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Temporary Disable IP Sec VPN

Hi,

We have a site to site IPsec vpn as well as a LES circuit to the same destination. Some traffic will use the VPN and other the LES connection.

I need to temporarily kill the site to site VPN to do some testing and am looking at suggestions for the best way to do so.

I was thinking of changing the IKE peer then clear crypto ipsec sa peer. I'll then put the correct ipsec peer in to pring up the tunnel.

Any suggestions / comments appreciated.

Thanks

Craig.

6 REPLIES

Temporary Disable IP Sec VPN

also you can do by removing the tunnel-group commands or removing the transform-set commands to achieve it... Pls try and let me know your results....

Temporary Disable IP Sec VPN

also you can disable the interafce pointed for vpn traffic in vpn configurations. i.e.

no crypto map map-name interface interface-name

New Member

Temporary Disable IP Sec VPN

Thanks - I should have mentioned that there are other IPSEC vpn’s that need to stay up.

Temporary Disable IP Sec VPN

Okay... Then you can use the 1st option by removing the tunnel group commands.....

Hall of Fame Super Silver

Temporary Disable IP Sec VPN

I like the

     no crypto map map-name interface interface-name

...option best. The map-name should be unique per IPsec L2L VPN

New Member

I know this is an old post

I know this is an old post but I would like to point out that this doesn't work - you can only have one crypto map on an interface, removing it will remove any other IPsec VPNs from that interface too.

478
Views
0
Helpful
6
Replies