Clear IPsec Tunnel for VPNs

On the firewall, issue the command vpn tu or vpn tunnelutil. This will bring up the following options:

(Exception: in NGX there is an additional option to Delete User with IPsec.)

Select Option
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given peer (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given peer (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit

You can either select option #7 and enter the remote side's IP address, or select option #0 to delete the IPsec and IKE SAs for all tunnels. Either choice deletes the IPsec and IKE SAs and sends a delete IKE SA packet to the remote side, telling it to take down the existing tunnel. Be careful with option 0: it should only be used if all VPNs are having problems.
