Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel
Where Can I Use
This?
What Do I Need?
PAN-OS
No license required
You can enable, disable, refresh, or restart an IKE gateway or VPN tunnel to
make troubleshooting easier.
Enable or Disable an IKE Gateway or IPSec Tunnel
Enable or disable an IKE gateway or IPSec tunnel to make troubleshooting
easier.
Enable or disable an IKE gateway.
Select
Network
Network Profiles
IKE Gateways
and select the gateway you want to enable or
disable.
At the bottom of the screen, click
Enable
or
Disable
.
Enable or disable an IPSec tunnel.
Select
Network
IPSec Tunnels
and select the tunnel you want to enable or
disable.
At the bottom of the screen, click
Enable
or
Disable
.
Refresh or Restart an IKE Gateway or IPSec Tunnel
You can refresh or restart an IKE gateway or IPSec tunnel. The refresh and
restart behaviors for an IKE gateway and IPSec tunnel are as follows:
Phase
Refresh
Restart
IKE Gateway (IKE Phase 1)
Updates the onscreen statistics for the selected IKE
gateway.
Equivalent to issuing a second
show
command
in the CLI (after an initial
show
command).
Restarts the selected IKE gateway.
IKEv2
: Also restarts any associated child IPSec
security associations (SAs).
IKEv1
: Doesn’t restart the associated IPSec SAs.
A restart is disruptive to all existing sessions.
Equivalent to issuing a
clear
,
test
,
show
command sequence in the CLI.
IPSec Tunnel (IKE Phase 2)
Updates the onscreen statistics for the selected IPSec
tunnel.
Equivalent to issuing a second
show
command
in the CLI (after an initial
show
command).
Restarts the IPSec tunnel.
A restart is disruptive to all existing sessions.
Equivalent to issuing a
clear
,
test
,
show
command sequence in the CLI.
Keep in mind that the result of restarting an IKE gateway depends on whether its
IKEv1 or IKEv2.
Refresh or restart an IKE gateway.
Select
Network
IPSec Tunnels
and select the tunnel for the gateway you want to
refresh or restart.
In the row for that tunnel, under the Status column, click
IKE Info
.
At the bottom of the IKE Info screen, click the action you
want:
Refresh
—Updates the statistics on
the screen.
Restart
—Clears the SAs, so traffic
is dropped until the IKE negotiation starts over and the
tunnel is recreated.
Refresh or restart an IPSec tunnel.
You might determine that the tunnel needs to be refreshed or restarted
because you use the tunnel monitor to monitor the tunnel status, or you
use an external network monitor to monitor network connectivity through
the IPSec tunnel.
Select
Network
IPSec Tunnels
and select the tunnel you want to refresh or
restart.
In the row for that tunnel, under the Status column, click
Tunnel Info
.
At the bottom of the Tunnel Info screen, click the action you
want:
Refresh
—Updates the onscreen
statistics.
Restart
—Clears the SAs, so traffic
is dropped until the IKE negotiation starts over and the
tunnel is recreated.