Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Any way to bring up a tunnel from within the router/firewall?

I've set up a number of site-to-site IPSEC tunnels, but the one thing that I can't seem to get is: Is there any way to bring the tunnel up if I am not actually at one of the endpoints?

...usually I can just tell one of the people at either end to do a PING or something so that the "interesting traffic" access-list gets a hit and brings up the tunnel, but if it's midnight and I'm SSH-ed into a firewall from home and I want to bring up the tunnel to see that it's working, can I do it using any commands on the router/firewall... my understanding is that traffic sourced from the router/firewall won't hit any access lists, so I can't bring up the tunnel with a simple PING. (or is my understanding wrong?)

Any ideas or "tricks" that people use to accomplish this?

Thomas Dzubin


Re: Any way to bring up a tunnel from within the router/firewall

There are several ways to do this:

- Router:

You can use an extended ping from a router, but this is not possible for a Pix or ASA.

- Firewall:

You can use the 'Test' button in Monitoring section from the ASDM for a Pix/ASA with software version 7.x. There is no way (for as far as i know) to test this from a firewall running Pix software 6.x.

Please rate if the post is usefull!



CreatePlease to create content