https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-bring-down-ipsec-tunnel-manually/ta-p/533772 <P>This Nominated Discussion Article is based on the post "<FONT color="#FF6600"><STRONG><A href="https://live.paloaltonetworks.com/t5/general-topics/bring-down-ipsec-tunnel-manually/m-p/532958" target="_blank" rel="noopener">Bring Down IPsec Tunnel Manually</A></STRONG></FONT>" by <STRONG><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/229126">@j.nepomuceno</a></STRONG> and responded to by <STRONG><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/77347">@TomYoung</a></STRONG> and <STRONG><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a></STRONG> . Read on to see the discussion and solution!</P> <P>&nbsp;</P> <P>&nbsp;</P> <DIV class="lia-message-template-content-zone"> <BLOCKQUOTE> <P>I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI?<BR /><BR />Thanks</P> </BLOCKQUOTE> <P>&nbsp;</P> <P>Depending on whether you want to bounce the tunnel or actually disable it, you have different options.</P> <P>&nbsp;</P> <P>The following CLI commands will tear down the VPN tunnel (phase1 &amp; phase2 respectively):</P> <UL> <LI>Phase 1<BR /><LI-CODE lang="markup">&gt; clear vpn ike-sa gateway &lt;gw-name&gt;​</LI-CODE></LI> <LI>Phase 2<BR /><LI-CODE lang="markup">&gt; clear vpn ipsec-sa tunnel &lt;tunnel-name&gt;​</LI-CODE></LI> </UL> <P>&nbsp;</P> <P>Follow these steps to clear (bounce) a tunnel using the GUI:</P> <UL> <LI>Phase 1 <UL> <LI><STRONG>Goto Network &gt; IPsec</STRONG> tunnels and select your tunnel</LI> <LI>Click <STRONG>IKE-Info</STRONG></LI> <LI>At the bottom, click the action you want (Refresh or Restart)<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1678370189717.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48583i54A51D1BC0488526/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_0-1678370189717.png" alt="kiwi_0-1678370189717.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> <LI>Phase 2 <UL> <LI><STRONG>Goto Network &gt; IPsec</STRONG> tunnels and select your tunnel</LI> <LI>Click <STRONG>Tunnel-Info</STRONG></LI> <LI>At the bottom, click the action you want (Refresh or Restart)<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_1-1678370393811.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48584i39596BF0B2CD3A42/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_1-1678370393811.png" alt="kiwi_1-1678370393811.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> </UL> <P>Instead of bouncing, you can also choose to <STRONG>disable/enable</STRONG> IKE gateways or IPsec tunnels.</P> <P>&nbsp;</P> <UL> <LI>Enable/Disable an IKE Gateway <UL> <LI>Go to Network <DIV style="display: inline;"> <DIV style="display: inline;">&nbsp;&gt; Network Profiles &gt; IKE Gateways and select the gateway in question.</DIV> <DIV style="display: inline;">&nbsp;</DIV> </DIV> </LI> <LI>Click Enable/Disable at the bottom of the screen<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_2-1678370792561.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48585iA0973FB4CB8AFDA9/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_2-1678370792561.png" alt="kiwi_2-1678370792561.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> <LI>Enable/Disable an IPsec tunnel <UL> <LI>Go to <STRONG>Network</STRONG> <DIV style="display: inline;"> <DIV style="display: inline;"><STRONG>&nbsp;&gt; IPSec Tunnels</STRONG> and select the tunnel in question</DIV> </DIV> </LI> <LI>Click <STRONG>Enable/Disable</STRONG> at the bottom of the screen<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_3-1678371019353.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48586i66C0900DA02858B6/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_3-1678371019353.png" alt="kiwi_3-1678371019353.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> </UL> <P><STRONG>For more information:</STRONG></P> <UL> <LI><STRONG><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVGCA0" target="_blank" rel="noopener">How to check Status, Clear, Restore, and Monitor an IPSEC VPN Tunnel</A></STRONG></LI> <LI><STRONG><A href="https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/set-up-tunnel-monitoring/enable-or-disable-an-ike-gateway-or-ipsec-tunnel" target="_blank" rel="noopener">Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel</A></STRONG></LI> <LI><STRONG><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank" rel="noopener">How to Troubleshoot IPSec VPN connectivity issues</A></STRONG></LI> </UL> </DIV> Tue, 05 Nov 2024 01:40:46 GMT kiwi 2024-11-05T01:40:46Z https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-bring-down-ipsec-tunnel-manually/ta-p/533772 <P>This Nominated Discussion Article is based on the post "<FONT color="#FF6600"><STRONG><A href="https://live.paloaltonetworks.com/t5/general-topics/bring-down-ipsec-tunnel-manually/m-p/532958" target="_blank" rel="noopener">Bring Down IPsec Tunnel Manually</A></STRONG></FONT>" by <STRONG><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/229126">@j.nepomuceno</a></STRONG> and responded to by <STRONG><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/77347">@TomYoung</a></STRONG> and <STRONG><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a></STRONG> . Read on to see the discussion and solution!</P> <P>&nbsp;</P> <P>&nbsp;</P> <DIV class="lia-message-template-content-zone"> <BLOCKQUOTE> <P>I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI?<BR /><BR />Thanks</P> </BLOCKQUOTE> <P>&nbsp;</P> <P>Depending on whether you want to bounce the tunnel or actually disable it, you have different options.</P> <P>&nbsp;</P> <P>The following CLI commands will tear down the VPN tunnel (phase1 &amp; phase2 respectively):</P> <UL> <LI>Phase 1<BR /><LI-CODE lang="markup">&gt; clear vpn ike-sa gateway &lt;gw-name&gt;​</LI-CODE></LI> <LI>Phase 2<BR /><LI-CODE lang="markup">&gt; clear vpn ipsec-sa tunnel &lt;tunnel-name&gt;​</LI-CODE></LI> </UL> <P>&nbsp;</P> <P>Follow these steps to clear (bounce) a tunnel using the GUI:</P> <UL> <LI>Phase 1 <UL> <LI><STRONG>Goto Network &gt; IPsec</STRONG> tunnels and select your tunnel</LI> <LI>Click <STRONG>IKE-Info</STRONG></LI> <LI>At the bottom, click the action you want (Refresh or Restart)<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1678370189717.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48583i54A51D1BC0488526/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_0-1678370189717.png" alt="kiwi_0-1678370189717.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> <LI>Phase 2 <UL> <LI><STRONG>Goto Network &gt; IPsec</STRONG> tunnels and select your tunnel</LI> <LI>Click <STRONG>Tunnel-Info</STRONG></LI> <LI>At the bottom, click the action you want (Refresh or Restart)<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_1-1678370393811.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48584i39596BF0B2CD3A42/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_1-1678370393811.png" alt="kiwi_1-1678370393811.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> </UL> <P>Instead of bouncing, you can also choose to <STRONG>disable/enable</STRONG> IKE gateways or IPsec tunnels.</P> <P>&nbsp;</P> <UL> <LI>Enable/Disable an IKE Gateway <UL> <LI>Go to Network <DIV style="display: inline;"> <DIV style="display: inline;">&nbsp;&gt; Network Profiles &gt; IKE Gateways and select the gateway in question.</DIV> <DIV style="display: inline;">&nbsp;</DIV> </DIV> </LI> <LI>Click Enable/Disable at the bottom of the screen<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_2-1678370792561.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48585iA0973FB4CB8AFDA9/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_2-1678370792561.png" alt="kiwi_2-1678370792561.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> <LI>Enable/Disable an IPsec tunnel <UL> <LI>Go to <STRONG>Network</STRONG> <DIV style="display: inline;"> <DIV style="display: inline;"><STRONG>&nbsp;&gt; IPSec Tunnels</STRONG> and select the tunnel in question</DIV> </DIV> </LI> <LI>Click <STRONG>Enable/Disable</STRONG> at the bottom of the screen<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_3-1678371019353.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48586i66C0900DA02858B6/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_3-1678371019353.png" alt="kiwi_3-1678371019353.png" /></span> <P>&nbsp;</P> </LI> </UL> </LI> </UL> <P><STRONG>For more information:</STRONG></P> <UL> <LI><STRONG><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVGCA0" target="_blank" rel="noopener">How to check Status, Clear, Restore, and Monitor an IPSEC VPN Tunnel</A></STRONG></LI> <LI><STRONG><A href="https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/set-up-tunnel-monitoring/enable-or-disable-an-ike-gateway-or-ipsec-tunnel" target="_blank" rel="noopener">Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel</A></STRONG></LI> <LI><STRONG><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank" rel="noopener">How to Troubleshoot IPSec VPN connectivity issues</A></STRONG></LI> </UL> </DIV> Tue, 05 Nov 2024 01:40:46 GMT https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-bring-down-ipsec-tunnel-manually/ta-p/533772 kiwi 2024-11-05T01:40:46Z