Restarting VPN Tunnels on Cisco

In some rare cases, VPN Tunnels hang-up randomly and needs to be bounced or restarted to restart the VPN Tunnel negotiate that on some cases the easiest fix on VPN Down issues

Check Phase 1 Status of the Tunnel:

show crypto ipsec sa

Normal/UP status should show: QM_IDLE (More info on Status here)

vpn

Restarting VPN Tunnel

If you have multiple VPN Tunnels, Identify the peer IP of the tunnel you wish to Restart.

Usually, you can associate the ACL or IPSEC Policy that calls the peer IP and the

EXAMPLE:

crypto map CUSTOMER-VPN 24 ipsec-isakmp
description Customer24
set peer 122.122.122.122
set transform-set TR-3DES-SHA 256
match address VPN-Customer24

Restart the Tunnel:

clear crypto sa peer 122.122.122.122 (Clear all SAs for given crypto peer)

or

clear crypto session remote 122.122.122.122 (Clear crypto sessions for a remote IKE peer)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s