Cisco Support Community

Manually Invoke IPSEC Tunnel


I have a 2811 ISR with IOS 12.3(14) and have configured IPSec to dynamically create SAs using IKE. This router will replace an existing router that is over-utilised. No actual files will be sent when the swap is performed so the tunnel will not be created. Once I perform the swap though, is there any way I can manually bring up the IPSEC tunnel to verify that it is working?


Re: Manually Invoke IPSEC Tunnel

You can ping from the inside interface of router A to the inside interface of router B.

From enable mode of Router A, try the command ping (without arguments).

Let's say the inside interface of router A is and the inside interface of router B is

routerA #ping
Protocol [ip]:
Target IP address:
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:

So if the routers' IPs are part of the split tunnel ACL, the tunnel should be up.


Hope that helps. Rate if it does.
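Why the source address in the extended ping matters, shown as an added example that is not part of the original posts: a packet only brings the tunnel up if its source and destination match a permit entry in the ACL that selects traffic for encryption. The ACL lines and all addresses below are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed ACL in IOS extended-ACL syntax (wildcard masks, not netmasks).
# Assumed sample topology: site A inside 10.1.1.0/24, site B inside 10.2.2.0/24.
SAMPLE_ACL = """
deny ip 10.1.1.128 0.0.0.127 10.2.2.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
"""

def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(addr) & care) == (_as_int(base) & care)

def parse_acl(text):
    """Parse 'permit|deny ip <src> <wildcard> <dst> <wildcard>' lines."""
    entries = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] not in ("permit", "deny") or fields[1] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append(tuple([fields[0]] + fields[2:]))
    return entries

def is_interesting(src, dst, acl):
    """First matching entry wins; no match is an implicit deny (no tunnel)."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if _matches(src, s_base, s_wild) and _matches(dst, d_base, d_wild):
            return action == "permit"
    return False

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    remote_inside = "10.2.2.1"
    # A plain ping is sourced from the egress (WAN) interface; an extended
    # ping lets you source it from the inside interface instead.
    for label, src in [("WAN interface (plain ping)", "192.0.2.1"),
                       ("inside interface (extended ping)", "10.1.1.1"),
                       ("inside host hit by the deny line", "10.1.1.200")]:
        verdict = "triggers IKE" if is_interesting(src, remote_inside, acl) else "no tunnel"
        print(f"{label:36} {src:12} -> {remote_inside}: {verdict}")
```
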


Re: Manually Invoke IPSEC Tunnel


If I am understanding your post correctly, the router that you will be replacing is configured to use a dynamic map to accept IPSec connections from remote routers (most typically done in situations where the remote router is getting a dynamic IP address assignment, so the head end router cannot statically map the peer relationship). In that case the head end router cannot initiate the IPSec peering; it can only accept connection requests from the remote. So when you replace the router and want to verify the connections, you will need someone at the remote router to do something (perhaps an extended ping as Milan suggests). You will not be able to initiate the connection and test it from the head end router.


