Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RGMConsulting
New Contributor

Remove IPSEC Tunnel

I am having a difficult time with one of my tunnels and I wanted to remove it and recreate it. When I try to remove it the delete button is greyed out. Under the references, it comes up with the Phase 2 Selector and Sniffer and I can't seem to get rid of them so I can delete the tunnel. What can I do to get rid of those either from the GUI or the CLI? 

4 REPLIES
Toshi_Esumi
Esteemed Contributor III

You need to resolve those dependencies you can see in the GUI as "Ref" before you can delete a VPN. It must be showing the number of references. Just click it. Now it should show all of those places where the tunnel is referenced. Some of those places would have their own dependencies/references. If not '0', click it again to see the references of the references. Then repeat the process until you see '0', then you can remove the reference point.

And start coming back up from the bottom to remove the entire trees.

But just be careful if those references are referring not only to the one you want to remove but to something else as well. In that case, you shouldn't remove it completely but remove the particular one from the members of the object. For example, if you have a zone to bind multiple VPNs to use it in just one pair of policies, you need to keep the zone for the other VPNs but remove the one from the members.

RGMConsulting

In particular, I am having trouble removing the Phase 2 negotiator. I don't have the option of removing it from the config and I'm not sure how to get rid of it.

Toshi_Esumi
Esteemed Contributor III

You're probably trying to do something I'm not expecting. Can you share the screenshot after cropping out only the portion? In my GUI with 6.0.6, there is no "Phase 2 negotiator". I can delete the phase2-interface config with just one right-click and "Delete" in the pull-down menu.

ede_pfau
Esteemed Contributor III

'Sniffer' ???

What kind of config did you put onto that VPN?

You need to remove all references first, then you can delete the IPsec setup for this tunnel.

Grab the config file and grep for the tunnel (ph1 and ph2) names. If used, it will come up.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
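The config-file search suggested above, as an added example that is not part of the original posts: a plain grep shows matching lines but not which object they belong to, so this sketch tracks the `config` / `edit` nesting of a backup file and reports the section and entry for every `set` line that names the tunnel exactly. The sample config, the tunnel name `branch-vpn` and the function `find_references` are constructed for illustration; it assumes string values are double-quoted, as they are in a saved backup.

```python
import re

# Constructed sample in FortiOS backup syntax (not from the thread).
SAMPLE_CONFIG = '''\
config vpn ipsec phase1-interface
    edit "branch-vpn"
        set interface "wan1"
    next
end
config vpn ipsec phase2-interface
    edit "branch-vpn-p2"
        set phase1name "branch-vpn"
    next
end
config firewall sniffer
    edit 1
        set interface "branch-vpn"
    next
end
config system zone
    edit "vpn-zone"
        set interface "branch-vpn" "hq-vpn"
    next
end
'''

def find_references(config_text, name):
    """Return (section, entry, line, shared) for each 'set' line that names `name`."""
    stack, hits = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(["config", line[7:]])
        elif line.startswith("edit "):
            stack.append(["edit", line[5:].strip('"')])
        elif line in ("next", "end") and stack:
            stack.pop()  # 'next' closes an edit, 'end' closes a config
        elif line.startswith("set "):
            values = re.findall(r'"([^"]*)"', line)
            if name in values:  # exact match, so "branch-vpn-p2" is not a hit
                section = " / ".join(v for k, v in stack if k == "config")
                entry = next((v for k, v in reversed(stack) if k == "edit"), None)
                hits.append((section, entry, line, len(values) > 1))
    return hits

if __name__ == "__main__":
    for section, entry, line, shared in find_references(SAMPLE_CONFIG, "branch-vpn"):
        action = "remove this member only" if shared else "unset or delete entry"
        print(f"{section} [edit {entry}]: {line}  -> {action}")
```

The `shared` flag marks lines where the tunnel is one of several members (such as a zone), which is the case where only the member should be removed rather than the whole object.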