How can I reset a VPN tunnel on a Cisco ASA?

  • On a site-to-site VPN using an ASA 5520 and 5540, respectively, I noticed that from time to time traffic doesn't pass anymore; sometimes traffic is even missing just for one specific traffic selection / ACL while other traffic over the same VPN is running. It happens even though there's a constant ping running. The reason might be that it runs over a satellite link which isn't perfectly stable.

    How can I reset the VPN to the working state, instead of reloading one of the ASAs?

  • Stefan (correct answer), 9 years ago

    The VPN can be reset by entering

    clear crypto ipsec sa peer <remote-peer-IP>

    on one side. The following traffic will cause the IPsec tunnel to be reestablished.

    You can do it on your side, entering the remote IP. Or log in to the remote site, but possibly you have to do it outside the VPN, i.e. using a different interface, for example using the public IP instead of the IP to which you connect through the tunnel.

    There will be a short VPN outage while the tunnel is reestablished. After entering that command, ensure that the tunnel is up again, for example by pinging through it.
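The procedure in the answer (clear the SA for one peer from an out-of-band path, then confirm traffic flows both ways), as an added Python helper that is not part of the original answer. The `show crypto ipsec sa` counter text it parses is a constructed sample, the peer and subnet values are placeholders, and the function names are my own; it only builds and checks the command, it does not talk to a device.

```python
import ipaddress
import re


def make_sample(encaps: int, decaps: int) -> str:
    """Constructed stand-in for the counter lines of 'show crypto ipsec sa peer' (not real output)."""
    return (f"  #pkts encaps: {encaps}, #pkts encrypt: {encaps}, #pkts digest: {encaps}\n"
            f"  #pkts decaps: {decaps}, #pkts decrypt: {decaps}, #pkts verify: {decaps}\n")


def build_clear_command(peer_ip: str) -> str:
    """Return the command from the answer; reject anything that is not a bare IP address,
    so a value pasted from a ticket cannot smuggle extra CLI text onto the ASA."""
    peer = ipaddress.ip_address(peer_ip.strip())  # ValueError on e.g. "10.0.0.1 ; reload"
    return f"clear crypto ipsec sa peer {peer}"


def management_path_is_out_of_band(mgmt_ip: str, tunnel_protected_nets: list) -> bool:
    """The answer's caveat: if you clear the SA on the remote box, the address you are
    logged in through must NOT be one that is only reachable inside the tunnel
    (i.e. inside a subnet matched by the crypto ACL), or you cut off your own session."""
    addr = ipaddress.ip_address(mgmt_ip)
    return not any(addr in ipaddress.ip_network(n, strict=False) for n in tunnel_protected_nets)


def sa_counters(show_output: str) -> dict:
    """Extract encaps/decaps packet counters; missing counters means no SA (tunnel down)."""
    enc = re.search(r"#pkts encaps:\s*(\d+)", show_output)
    dec = re.search(r"#pkts decaps:\s*(\d+)", show_output)
    if not (enc and dec):
        raise ValueError("no IPsec SA counters found: tunnel down or unexpected output")
    return {"encaps": int(enc.group(1)), "decaps": int(dec.group(1))}


def tunnel_passes_traffic(sample1: str, sample2: str) -> bool:
    """Verification step after the reset: take two samples a few seconds apart while the
    ping runs. Both directions must advance; encaps rising while decaps stays flat is
    exactly the one-way 'ping runs but nothing comes back' symptom from the question."""
    a, b = sa_counters(sample1), sa_counters(sample2)
    return b["encaps"] > a["encaps"] and b["decaps"] > a["decaps"]


if __name__ == "__main__":
    print(build_clear_command("203.0.113.10"))  # placeholder peer address
    print(tunnel_passes_traffic(make_sample(10, 8), make_sample(20, 18)))
```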

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM