Ivory

VPN Tunnel Deletion

I have a VPN Tunnel to SA which I deleted by removing the gateway and the community. I also disabled the related firewall rules. I also deleted the IKE SA + IPsec SA using vpn tu and rechecked with vpn shell.

However there is a switch which was part of the SA encryption domain which is still of use for me.

I need to monitor SNMP for the switch. This SNMP traffic must go via a different SNMP tunnel. So now in the firewall rule I have:

Src - SNMP tunnel encryption domain

Dst - Switch

VPN - SNMP tunnel

Services - Any

However, I am getting logs of packets dropped with an IKE failure for the VPN peer gateway of the SA tunnel, which has no element left on the firewall. How can I resolve this?

5 Replies
Admin

Do you manage the other end of the VPN?
If not, did they remove the VPN configuration as well?
Ivory

No, I do not manage the other end of the tunnel.

They asked me to remove the tunnel from the firewall as it was now redirected to another site. Their end of the tunnel is up but now the tunnel SA is with another site firewall.

Will it help if I stop advertising the routes from the SA site?


Admin

I would assume so, yes, especially if those routes are causing the traffic to be redirected to a VPN.
Why can't they remove the VPN configuration on the other end?
Ivory

They cannot remove the configuration at the other end as it is being reused to create a tunnel with another site which is nearer to the original SA VPN site.

Ivory

Hello,

Thank you for your help. Removing the routes resolved the issue.


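As an added illustration that is not part of the thread, the Python below models the situation discussed above: a routing table that still hands traffic for the switch to the removed SA peer (so the gateway tries IKE with a peer it no longer has a community for), and the same table once those routes are withdrawn. All addresses, route entries and community names are constructed, not taken from the poster's environment.

```python
import ipaddress

# Constructed data modelled on the thread (hypothetical addresses and names).
# Active VPN communities: community name -> encryption-domain subnets.
ACTIVE = {"SNMP-tunnel": ["10.20.0.0/24"]}
# Encryption domain of the deleted SA peer, kept here only to explain the drops.
REMOVED = {"SA-tunnel": ["10.20.0.0/24", "10.30.0.0/16"]}
# Routes on the firewall and the VPN peer each one hands traffic to.
ROUTES = [
    {"prefix": "10.30.0.0/16", "via": "SA-tunnel"},    # still learned from the SA site
    {"prefix": "10.20.0.128/25", "via": "SA-tunnel"},  # still learned from the SA site
    {"prefix": "10.20.0.0/24", "via": "SNMP-tunnel"},
]


def domains_for(ip, communities):
    """Names of the communities whose encryption domain contains ip."""
    addr = ipaddress.ip_address(ip)
    return sorted(name for name, subnets in communities.items()
                  if any(addr in ipaddress.ip_network(s) for s in subnets))


def stale_routes(routes, active):
    """Routes that still point at a peer with no active community: a packet
    matching one of them triggers IKE to a gateway that has no tunnel here."""
    return [r for r in routes if r["via"] not in active]


def check_destination(ip, routes, active, removed):
    """Longest-prefix match, then report whether the chosen path is a live tunnel."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    best = max(matches, default=None,
               key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen)
    return {
        "route": best["prefix"] if best else None,
        "via": best["via"] if best else None,
        "via_active": bool(best) and best["via"] in active,
        "active_domains": domains_for(ip, active),
        "removed_domains": domains_for(ip, removed),
    }


def without_stale(routes, active):
    """The routing table after the stale routes are withdrawn (the fix in the thread)."""
    return [r for r in routes if r["via"] in active]


if __name__ == "__main__":
    switch = "10.20.0.130"  # constructed address of the switch
    print("before:", check_destination(switch, ROUTES, ACTIVE, REMOVED))
    print("after: ", check_destination(switch, without_stale(ROUTES, ACTIVE), ACTIVE, REMOVED))
```

The "before" result shows the more specific /25 learned from the SA site winning the lookup and sending the switch's traffic to a peer with no community, which is the IKE failure seen in the logs; "after" shows the SNMP tunnel taking over once that route is gone.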