KB ID 0000586 Dtd 27/03/12
I’ve been asked this before, and it came up on EE today. Basically, you have a site to site VPN tunnel and you want to either restart it or reset it.
Cisco ASA Reset ALL VPN Tunnels
1. Connect to your ASA, then to reset ALL your ISAKMP VPN tunnels use the following command;
In the example below I’ve reset ALL my tunnels. I had a constant ping running across the VPN, and it only dropped one packet before the tunnel established again.
WARNING: This will reset ALL ISAKMP VPN tunnels (both site to site, and client to gateway).
Cisco ASA Reset One VPN Tunnel
1. If you just want to reset one site to site VPN, you need to reset the IPsec SA for that peer (the IP address of the other end of the tunnel). Use the following command:
clear ipsec sa peer X.X.X.X
Unlike above, in the example below I’ve reset just ONE tunnel. I had a constant ping running across the VPN, and it only dropped one packet before the tunnel established again.
Cisco ASA Check VPN Uptime
Just to prove this isn’t all smoke and mirrors, after the tunnel has re-connected you can check its uptime with the following command:
show vpn-sessiondb detail l2l
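If you save that output to a file, the uptime check can be scripted so that tunnels which re-established recently stand out. This is an added example, not part of the original article: the sample text is constructed, the "Connection" and "Duration" field layout is an assumption modelled on typical ASA output and may differ between software versions, and the function names are hypothetical.

```python
import re

# Constructed sample (assumed layout), not captured from a real device.
SAMPLE = """\
Session Type: LAN-to-LAN Detailed

Connection   : 203.0.113.10
Index        : 12                     IP Addr      : 203.0.113.10
Protocol     : IKEv1 IPsec
Login Time   : 10:21:33 UTC Tue Mar 27 2012
Duration     : 0h:00m:26s

Connection   : 198.51.100.7
Index        : 9                      IP Addr      : 198.51.100.7
Protocol     : IKEv1 IPsec
Login Time   : 08:02:10 UTC Sat Mar 24 2012
Duration     : 3d 2h:19m:49s
"""

# Assumed duration format: optional "<n>d " prefix, then "<h>h:<mm>m:<ss>s".
_DURATION = re.compile(r"(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s")

def duration_seconds(text):
    """Convert a Duration value such as '3d 2h:19m:49s' to seconds."""
    match = _DURATION.fullmatch(text.strip())
    if not match:
        raise ValueError(f"unrecognised duration: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds

def tunnel_uptimes(output):
    """Map each peer (the 'Connection' field) to its session uptime in seconds."""
    uptimes, peer = {}, None
    for line in output.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            continue
        key = key.strip()
        if key == "Connection":
            peer = value.strip()
        elif key == "Duration" and peer is not None:
            uptimes[peer] = duration_seconds(value)
            peer = None  # wait for the next session block
    return uptimes

def recently_reset(output, max_age=300):
    """Peers whose session is no older than max_age seconds."""
    return sorted(p for p, up in tunnel_uptimes(output).items() if up <= max_age)

if __name__ == "__main__":
    print(tunnel_uptimes(SAMPLE))
    print("up for 5 minutes or less:", recently_reset(SAMPLE))
```

Run it right after a reset: the peer you cleared should be listed with a short uptime, while any tunnels you did not touch keep their longer durations.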