We are having a IPsec/GRE VPN tunnel issue at work. Our vendor told me he "forced a rekey" and everything started working again. He alluded to a command to this, but didn't tell me the exact one. Does anyone know how to force a IPSec VPN to rekey?
Cisco – How to force a Cisco 2811 to rekey
ciscoipsec
Related Topic
- Cisco – Phase 2 Mismatch when connecting Windows 7 to ASA5505 VPN
- Firewall – What can an ISP do to block IPSEC traffic
- Cisco – IPsec tunnel keep crashing
- Cisco ASA ipsec IKEv1 remote access for Avaya VPN phone – no client address assigned
- Cisco 2901 – IPSec VPN Maxing CPU
- Cisco – Linux GRE keep alive
- Cisco IPsec VPN with key-id on a specific tunnel only
- Strongswan Routing Table – How to Set Source IP
Best Answer
I can't recall ever seeing anything to force a rekey; he may have just cleared the security association and let it build a new one.
clear crypto sa peer x.x.x.x
will keep the phase 1 and rebuild phase 2,clear crypto isakmp id
with the id fromshow crypto isakmp sa
will reset the whole tunnel.