How to use the "vpn tu" command for VPN tunnel management
Solution

Notes: 

  • Using this utility in production may cause the disconnection of active VPN connections if you choose the wrong option or pass the utility incorrect information.
  • The vpn tu command shows the Security Gateway's Main IP address, not the VPN public IP address / Link Selection IP address.


Procedure

Run one of the following commands from the command line on the Security Gateway:

vpn tu
or
vpn tunnelutil

This command will bring up a menu for you to choose from.

Example of R77 menu:

********** Select Option **********

(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users

(Q) Quit

*******************************************

  • If you are not certain what Phase 1 SAs are active on your gateway, select option 1 for all of them or option 3 if you know the IP address of the remote host involved with that SA. 
  • If you are not certain what Phase 2 SAs are active on your gateway, select option 2 for all of them or option 4 if you know the IP address of the remote host involved with that SA. 
  • Once you know which IKE or IPsec SAs exist on your gateway, select options 5 through 0 from this menu to delete those SAs according to your needs.
    As a result, you can check which VPN tunnels are established, partially or fully, and tear down existing VPN tunnels so that they must re-establish their VPN connection.
  • When viewing Security Associations for a specific peer, the IP address must be given in dotted decimal notation.
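
Because a wrong option or a malformed peer address can drop active tunnels, the following added example (not part of the original article or of Check Point's tooling) shows a pre-flight check to run before entering a choice in the R77 menu above. The function names and the CONFIRM_ALL variable are hypothetical, the sample address is constructed, and applying the dotted-decimal rule to options 5 and 7 is an assumption of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a "vpn tu" menu choice (R77 menu).
# Function names and CONFIRM_ALL are hypothetical; sample IPs are constructed.

# Return 0 only for strict dotted decimal: four octets, each 0-255,
# no leading zeros (rejected here because some parsers read them as octal).
valid_dotted_decimal() {
    _rest="$1."; _count=0
    while [ -n "$_rest" ]; do
        _octet=${_rest%%.*}; _rest=${_rest#*.}
        case "$_octet" in
            ''|*[!0-9]*|0?*|????*) return 1 ;;
        esac
        [ "$_octet" -le 255 ] || return 1
        _count=$((_count + 1))
    done
    [ "$_count" -eq 4 ]
}

# $1 = menu option, $2 = peer IP (options 3, 4, 5, 7).
# Prints a decision; returns 0 to proceed, 1 to stop.
vpn_tu_preflight() {
    case "$1" in
        1|2) echo "proceed: option $1 only lists SAs" ;;
        3|4|5|7)
            # The article requires dotted decimal for viewing (3, 4); applying
            # the same rule to peer deletes (5, 7) is this example's assumption.
            valid_dotted_decimal "$2" ||
                { echo "stop: '$2' is not a dotted-decimal IP"; return 1; }
            case "$1" in
                3|4) echo "proceed: option $1 lists SAs for $2" ;;
                *)   echo "proceed: option $1 DELETES SAs for peer $2 only" ;;
            esac ;;
        6|8) echo "proceed: option $1 DELETES SAs for one user (Client)" ;;
        9|0)
            [ "${CONFIRM_ALL:-}" = yes ] ||
                { echo "stop: option $1 deletes SAs for ALL peers and users"; return 1; }
            echo "proceed: option $1 confirmed for ALL peers and users" ;;
        *) echo "stop: '$1' is not a listing or delete option"; return 1 ;;
    esac
}

vpn_tu_preflight 7 192.0.2.10   # constructed peer address
vpn_tu_preflight 0 || true      # refused unless CONFIRM_ALL=yes
```

The check never calls vpn tu itself; it only decides whether the choice you are about to type matches the scope you intend.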


Related solutions:

sk33393 - Unable to delete VPN tunnel on VSX using "vpn tu" utility

sk37363 - "vpn tu" command does not work properly

Applies To:
  • sk115028 has been merged into sk33853
