"My concern was the output of "sh crypto isakmp sa" was always showing as "QM_idle". and it remained the same even when I shut down the WAN interafce of the router.
Is there any other command that I am missing??"
If you shut down the WAN interface, the isakmp phase I and Phase II will remains until rekey is happening. At that stage, after retransmitting packets and then we will flush the phase I and the Phase II.
If you are looking at flushing the tunnel when the interface goes down then you have to enable keepalives
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...