Bouncing VPN Tunnels

##### PALO ALTO

---GUI:

Refresh or restart an IKE gateway.
1. Select Network > IPSec Tunnels and select the tunnel for the gateway you want to refresh or restart.
2. In the row for that tunnel, under the Status column, click IKE Info.
3. At the bottom of the IKE Info screen, click the action you want:
   - Refresh – Updates the statistics on the screen.
   - Restart – Clears the SAs, so traffic is dropped until the IKE negotiation starts over and the tunnel is recreated.

Refresh or restart an IPSec tunnel.
You might determine that the tunnel needs to be refreshed or restarted because you use the tunnel monitor to monitor the tunnel status, or you use an external network monitor to monitor network connectivity through the IPSec tunnel.
1. Select Network > IPSec Tunnels and select the tunnel you want to refresh or restart.
2. In the row for that tunnel, under the Status column, click Tunnel Info.
3. At the bottom of the Tunnel Info screen, click the action you want:
   - Refresh – Updates the onscreen statistics.
   - Restart – Clears the SAs, so traffic is dropped until the IKE negotiation starts over and the tunnel is recreated.

---CLI:

Phase 1:
clear vpn ike-sa gateway {IKE-GATEWAY}

Phase 2:
clear vpn ipsec-sa tunnel {VPN-TUNNEL}

Verify Phase 1:
show vpn ike-sa

Verify Phase 2:
show vpn ipsec-sa

Check Encryption and Decryption (encap/decap) across tunnel:
show vpn flow name {VPN-TUNNEL}

##### CISCO ASA

---CLI:

Phase 1 ISAKMP (clears the IKE SAs for every peer, not just one tunnel):
clear crypto isakmp sa

Phase 2 IPSec:
clear crypto ipsec sa peer {PEER-IP}

Verify Phase 1:
sh isakmp sa

Verify Phase 2:
sh ipsec sa peer {PEER-IP}

Check Encryption and Decryption (encap/decap) across tunnel:
sh ipsec sa peer {PEER-IP}