How to disable a Cisco VPN tunnel

This should be simple. I have several site-to-site IPSEC VPN tunnels configured on a Cisco 2801 router. For testing purposes, I want to be able to disable the tunnels without deleting their configuration, and without have to reload the router. Just want to shut them down individually, then bring them back up, without otherwise affecting any other operations.

But, I don't think I've ever read any instructions on how to do this. Thanks.

Reply to
ttripp
Loading thread data ...

Change the preshared secret for the tunnels?

Reply to
Chad Mahoney

You could also change the peer IP address...

Reply to
Chad Mahoney

Yep, those would work. But isn't there command line instruction to disable a tunnel, or something in SDM that can be checkmarked? I really want to disable the tunnel, not just break it, so the router won't spend its time trying to re-establish the connection with a bogus ip or secret.

Maybe that's not possible, and breaking it is the only solution?

Reply to
ttripp

Changing most any parameter in the VPN config will give you what you're looking for, but if you don't want to touch the VPN portion of the config, then just add a statement to the applicable ACL ("external" interface) denying traffic to/from the remote peer IP address. Easy to add and remove over and over again for testing.

MikeG

Reply to
Mike Gauthier

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.