Thursday, June 16, 2011

How to use the "vpn tu" command for VPN tunnel management


SYMPTOMS
  • Disconnect an established VPN tunnel
  • View SA of established VPN tunnel(s)
SOLUTION
Note: Using this utility in production can disconnect active, important VPN connections into your gateway if you choose the wrong option or pass the utility incorrect information.

Procedure: On the command line of your FW-1 gateway, run one of the following commands:
vpn tu
or
vpn tunnelutil
This command brings up a menu to choose from. The R65 menu is as follows:
********** Select Option **********

(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users

(Q) Quit

*******************************************

- If you are not certain which Phase 1 (IKE) SAs are active on your gateway, select option 1 to list all of them, or option 3 if you know the IP address of the remote host involved with that SA.
- If you are not certain which Phase 2 (IPsec) SAs are active on your gateway, select option 2 to list all of them, or option 4 if you know the IP address of the remote host involved with that SA.
- Once you know which IKE or IPsec SAs exist on your gateway, select one of options 5 through 0 from this menu to delete those SAs according to your needs.

Result: You can check which VPN tunnels are established, partially or fully, and tear down existing VPN tunnels so that the peers are required to re-establish their VPN connection.

