This Nominated Discussion Article is based on the post "Bring Down IPsec Tunnel Manually" by @j.nepomuceno and responded to by @TomYoung and @Raido_Rattameister . Read on to see the discussion and solution!
I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI?
Thanks
Depending on whether you want to bounce the tunnel or actually disable it, you have different options.
The following CLI commands will tear down the VPN tunnel (phase1 & phase2 respectively):
- Phase 1
> clear vpn ike-sa gateway <gw-name>
- Phase 2
> clear vpn ipsec-sa tunnel <tunnel-name>
Follow these steps to clear (bounce) a tunnel using the GUI:
- Phase 1
- Goto Network > IPsec tunnels and select your tunnel
- Click IKE-Info
- At the bottom, click the action you want (Refresh or Restart)
- Phase 2
- Goto Network > IPsec tunnels and select your tunnel
- Click Tunnel-Info
- At the bottom, click the action you want (Refresh or Restart)
Instead of bouncing, you can also choose to disable/enable IKE gateways or IPsec tunnels.
- Enable/Disable an IKE Gateway
- Go to Network
> Network Profiles > IKE Gateways and select the gateway in question.
- Click Enable/Disable at the bottom of the screen
- Go to Network
- Enable/Disable an IPsec tunnel
- Go to Network
> IPSec Tunnels and select the tunnel in question
- Click Enable/Disable at the bottom of the screen
- Go to Network
For more information: