Restarting VPN Tunnels on Cisco

In some rare cases, VPN tunnels hang at random and need to be bounced (restarted) so that the tunnel renegotiates. In some cases this is the easiest fix for VPN-down issues.

Check Phase 1 Status of the Tunnel:

show crypto isakmp sa

Normal/UP status should show: QM_IDLE


Restarting VPN Tunnel

If you have multiple VPN tunnels, identify the peer IP of the tunnel you wish to restart.

Usually, you can associate the ACL or IPSEC Policy that calls the peer IP and the


crypto map CUSTOMER-VPN 24 ipsec-isakmp
 description Customer24
 set peer
 set transform-set TR-3DES-SHA 256
 match address VPN-Customer24

Restart the Tunnel:

clear crypto sa peer (Clear all SAs for given crypto peer)


clear crypto session remote (Clear crypto sessions for a remote IKE peer)
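When a router carries many tunnels, picking the peers whose Phase 1 is not in QM_IDLE can be scripted from a saved `show crypto isakmp sa` capture. The following is an added example, not part of the original post; the sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `show crypto isakmp sa` output (documentation addresses).
SAMPLE = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
192.0.2.1       198.51.100.24   QM_IDLE           1001 ACTIVE
192.0.2.1       198.51.100.24   MM_NO_STATE       1000 ACTIVE (deleted)
203.0.113.7     192.0.2.1       QM_IDLE           1002 ACTIVE
192.0.2.1       198.51.100.99   MM_NO_STATE          0 ACTIVE (deleted)
198.51.100.50   192.0.2.1       MM_KEY_EXCH       1003 ACTIVE

IPv6 Crypto ISAKMP SA
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_isakmp_sa(text, local_ip):
    """Return {peer_ip: [state, ...]} for every SA row that involves local_ip."""
    peers = {}
    for line in text.splitlines():
        cols = line.split()
        # SA rows start with two IP addresses (dst, src) followed by the state.
        if len(cols) < 3 or not (_is_ip(cols[0]) and _is_ip(cols[1])):
            continue
        dst, src, state = cols[:3]
        if local_ip not in (dst, src):
            continue
        # The remote peer is whichever end is not us; it can sit in either
        # column depending on which side initiated the negotiation.
        peer = src if dst == local_ip else dst
        peers.setdefault(peer, []).append(state)
    return peers

def stuck_peers(text, local_ip):
    """Peers with no SA in QM_IDLE, i.e. Phase 1 is not established."""
    return sorted(p for p, states in parse_isakmp_sa(text, local_ip).items()
                  if "QM_IDLE" not in states)

def restart_commands(text, local_ip):
    """The restart command from this page, one per stuck peer, for operator review."""
    return [f"clear crypto session remote {p}" for p in stuck_peers(text, local_ip)]

if __name__ == "__main__":
    print("\n".join(restart_commands(SAMPLE, "192.0.2.1")))
```

A peer that has a QM_IDLE row alongside a stale deleted row (common after a rekey) is treated as up. A peer with no row at all does not appear in the result, so compare the output against the peers configured in the crypto map.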

