Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

how to disable (not delete) a VPN tunnel

Is there a way to disable a site-to-site VPN tunnel on an ASA 5510? I know I can delete the tunnel policies and rules, but I want to keep them in place and simply disable the tunnel temporarily.

Thanks,

Nick

3 REPLIES
New Member

Re: how to disable (not delete) a VPN tunnel

Hello,

I would remove NAT statement for interesting traffic nat /(inside) 0 access-list NoNAT/.

I do not think there is an option to disable VPN.

Thanks.

Hall of Fame Super Blue

Re: how to disable (not delete) a VPN tunnel

Hi Nick

The way i used to do it was simply to remove or change the pre-shared key, assuming you are using pre-shared keys.

If not just edit the crypto map access-list.

HTH

Jon

Bronze

Re: how to disable (not delete) a VPN tunnel

I always place the keyword 'inactive' behind the crypto map access-list. This way no traffic is matched for the tunnel, so no tunnel is created! You can just remove the keyword inactive bij replacing the access-rule with the original rule.

Here's an example:

access-list vpntunnel extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 inactive

Please rate if the post is usefull!

Regards,

Michael

423
Views
12
Helpful
3
Replies
CreatePlease to create content