Cisco Support Community

Temporary Disable RA VPN tunnel groups

We have numerous RA tunnel groups for vendors that do not always need access.

I want to keep the RA tunnel intact and enable/disable as needed.

What I have been doing is removing the PSK from the RA tunnel config.

You get a prompt:

"Without a PSK or Trustpoint configured, no tunnel can be established.

Do you still want to continue?"

My question is, is this a safe way to disable the tunnel?

According to the prompt, unless I input the PSK, there will be no tunnel established, but I want to know for sure that this is safe to do.

I have tried to access with a VPN client and a blank group password and cannot connect, but I want to make sure there is not something I am missing.

1 REPLY

Re: Temporary Disable RA VPN tunnel groups

Assign a valid time range to the RA VPN.

Example:

time-range << some 3rd party>>
 absolute start 00:00 01 January 2009 end 23:59 31 January 2009

group-policy << some 3rd party>> attributes
 vpn-access-hours value << some 3rd party>>

Then the 3rd party can only log in during that time frame - when you don't want them to connect, just change the date/time.

HTH
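For auditing which vendor group-policies are inside their access window at a given moment, the following is an added example, not part of the original thread or Cisco tooling. It assumes a saved running-config in the form shown in the reply, evaluates only `absolute` time-range entries (not `periodic`), and uses constructed names and dates.

```python
import re
from datetime import datetime

# Constructed sample of ASA running-config lines (names and dates are made up).
SAMPLE_CONFIG = """\
time-range VENDOR-A
 absolute start 00:00 01 January 2009 end 23:59 31 January 2009
time-range VENDOR-B
 absolute end 23:59 31 December 2008
group-policy VENDOR-A attributes
 vpn-access-hours value VENDOR-A
group-policy VENDOR-B attributes
 vpn-access-hours value VENDOR-B
group-policy VENDOR-C attributes
 vpn-tunnel-protocol ikev1
"""

STAMP = r"(\d{1,2}:\d{2} \d{1,2} \w+ \d{4})"
# A top-level header line followed by its indented sub-command lines.
SECTION = re.compile(
    r"^(time-range|group-policy) (\S+)(?: attributes)?[ \t]*$\n?((?:[ \t]+.*\n?)*)", re.M)
ABSOLUTE = re.compile(rf"^[ \t]+absolute(?: start {STAMP})?(?: end {STAMP})?[ \t]*$", re.M)
HOURS = re.compile(r"^[ \t]+vpn-access-hours value (\S+)", re.M)

def _ts(text):
    return datetime.strptime(text, "%H:%M %d %B %Y") if text else None

def parse(config):
    """Return ({time-range: (start, end)}, {group-policy: time-range name or None})."""
    ranges, policies = {}, {}
    for kind, name, body in SECTION.findall(config):
        if kind == "group-policy":
            m = HOURS.search(body)
            policies[name] = m.group(1) if m else None
        elif m := ABSOLUTE.search(body):        # time-range with an absolute window
            ranges[name] = (_ts(m.group(1)), _ts(m.group(2)))
    return ranges, policies

def access_state(config, now):
    """Map each group-policy to open/closed/unrestricted/unknown at `now` (device clock time)."""
    ranges, policies = parse(config)
    state = {}
    for policy, rng in policies.items():
        start, end = ranges.get(rng, (None, None))
        inside = (start is None or start <= now) and (end is None or now <= end)
        # unrestricted: no vpn-access-hours set on this policy, so no limit is set here
        # unknown: referenced time-range is missing or has no absolute entry
        state[policy] = ("unrestricted" if rng is None else
                         "unknown" if rng not in ranges else
                         "open" if inside else "closed")
    return state
```

Policies reported as `unrestricted` are the ones to review first, since nothing in their own attributes limits when the vendor can connect.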
