Are you having irritating connectivity issues because of your VPN tunnel? Or do you have security concerns about your existing VPN connection? Don’t fret: all of these issues can be resolved by simply resetting the VPN tunnel on a Cisco ASA. Here we’ll walk step by step through the various methods you can use to reset your VPN tunnel on a Cisco ASA. Not everyone will be familiar with the terminology used here, so let’s do a quick overview before jumping to the methods.
What is a VPN Tunnel?
A VPN Tunnel is an encrypted connection between two devices, in this case, a computer and a VPN server. This forms a secure and private connection between a computer and a VPN server on the internet, thus creating a virtual private network.
What is a Cisco ASA?
Cisco Adaptive Security Appliance (ASA) is a device that provides network security and VPN connectivity. Simply put, Cisco ASA creates a VPN tunnel between two devices, in this case between a computer and a VPN server.
Now that the basics are clear, let’s look at the various methods we can use to reset a VPN tunnel on a Cisco ASA.
How to reset all VPN Tunnels with ASA CLI
This is a simple but overkill way of resetting your VPN tunnel on a Cisco ASA, because it resets every tunnel at once. Here are the steps:
- Firstly, connect to your ASA.
- You can easily do this via your web browser, console cable, ASDM Client software, or any decent Telnet client.
- Now type the command “clear crypto isakmp sa” in the ASA CLI.
- Press the Enter key.
- All your ISAKMP VPN tunnels will be reset and re-established after a short while.
- Doing this resets all the VPN tunnels, site-to-site as well as client-to-gateway.
ISAKMP – Internet Security Association and Key Management Protocol
How to reset a single VPN Tunnel with ASA CLI
To do this, we need to reset the IPSEC SA to the peer, that is, the IP address of the device at the end of the tunnel.
- Connect to the ASA
- Now type the command “clear ipsec sa peer <insert peer IP address>” in the ASA CLI.
- It should look something like this: “clear ipsec sa peer 321.234.123.432”
- Press Enter.
- The selected tunnel should be re-established soon enough.
- IPSEC – Internet Protocol Security
- SA – Security Association
How to reset a single VPN Tunnel using a Cisco ASDM launcher
- On the computer, launch the Cisco ASDM launcher application.
- Log in with your credentials
- Navigate over to Configuration -> Remote access VPN -> Client network access -> AnyConnect connection profiles
- Here you’ll find the list of all your VPN tunnels
- Select the VPN tunnel you would like to reset
- Click on the reset button
- This will close that particular VPN tunnel & establish a new one within seconds
Additional tips
- If this is your first time accessing your Cisco firewall and you haven’t changed the password, it will most likely be {blank} or cisco.
- To make sure everything is working smoothly, you can check the VPN uptime with the command “show vpn-sessiondb detail l2l”.
- Make sure you are using one of the latest versions, as they provide more settings options for you to tinker with, compared to older versions.
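One way to act on the uptime tip above after resetting a single tunnel, as an added example that is not part of the original article: the Python below parses saved session output and reports whether a given peer's session restarted. The sample text, its field layout and the function names are constructed assumptions; real output varies by ASA version.

```python
import re
from datetime import timedelta

# Constructed sample, modelled on "show vpn-sessiondb detail l2l" output.
# The exact field layout is an assumption and differs between ASA versions.
SAMPLE = """\
Session Type: LAN-to-LAN Detailed

Connection   : 203.0.113.10
Index        : 7                      IP Addr      : 203.0.113.10
Login Time   : 09:14:02 UTC Tue Mar 5 2024
Duration     : 0h:01m:12s

Connection   : 198.51.100.7
Index        : 3                      IP Addr      : 198.51.100.7
Login Time   : 08:02:41 UTC Sat Mar 2 2024
Duration     : 3d 1h:12m:33s
"""

DURATION_RE = re.compile(r"(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s")

def parse_sessions(text):
    """Return {peer_ip: timedelta} for every session block in the output."""
    sessions, peer = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Connection":
            peer = value
        elif key == "Duration" and peer:
            m = DURATION_RE.fullmatch(value)
            if m:
                d, h, mi, s = (int(g or 0) for g in m.groups())
                sessions[peer] = timedelta(days=d, hours=h, minutes=mi, seconds=s)
            peer = None
    return sessions

def check_reset(text, peer, seconds_since_reset):
    """Classify a peer's session some seconds after a reset was issued."""
    up = parse_sessions(text).get(peer)
    if up is None:
        return "down"            # no session listed: tunnel has not come back
    if up.total_seconds() > seconds_since_reset:
        return "not-reset"       # session is older than the reset
    return "re-established"      # session started after the reset
```

A "down" result for a site-to-site peer can simply mean no interesting traffic has triggered the tunnel yet, so recheck after sending traffic across it.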
Conclusion
Those are the quick and easy ways to reset a VPN tunnel on a Cisco ASA. The right method for you depends on your requirements and what you find easiest. Regardless, all of the above-mentioned methods are capable of resolving most of the issues that you may be facing, like low performance, connectivity issues, or security concerns.