Georges_Orwell
New Contributor

Delete Tunnels

Hello all, I just created a site-to-site tunnel to training but now I can't delete it. Can you help me? FortiGate 200D, FortiOS 5.2. Thank you, Georges Orwell
1 Solution
FortiAdam
Contributor II

I find that the best way to discover references is by going to System > Network > Interfaces and enabling the references column. Common references include routes, firewall objects, firewall policies, and phase-2 VPN objects. For some reason when you view references from VPN > IP Sec > IKE it doesn't always show all references (at least in 5.0.x).

jorge9090
New Contributor

Is the tunnel interface mode or policy mode? There must be a policy or a route referencing that tunnel, and it won't let you delete it unless you delete those first. You can see this on the VPN > IP Sec > Auto Key (IKE) in the GUI. Try again when the Ref. is 0. Delete the Phase 2 first, then Phase 1.
hklb
Contributor II

Or maybe you added an IP address on your VPN interface? If you don't find the reference, you can back up your configuration and search for the VPN interface name in your configuration.
Georges_Orwell
New Contributor

I don't know what the difference is between policy mode and interface mode. I'm a newbie.
hklb
Contributor II

Add the column "ref" and you will see how it is used (on the right, you will see a number; click on it and you will see the reference).
Georges_Orwell
New Contributor

Thank you for your response. I found the reference and the sub-interface that was created. But I can't ever delete this VPN site-to-site config...
hklb
Contributor II

Delete Phase 2 in the CLI:

    config vpn ipsec phase2-interface
        delete YouPhase2
    end

Normally, you should then be able to delete your Phase 1.
Georges_Orwell
New Contributor

Thanks hklb, I removed all Phase 2 entries as you told me. But in the GUI I'm not able to delete all tunnels. Any other ideas? Georges
Christopher_McMullan

IPSec VPNs can be referenced by:
- Phase 2 SAs
- address objects
- VIPs
- DHCP server scopes (for client dial-up tunnels)
- routes

In your case, I'd ensure there are no remaining static routes as the most obvious possibility.

In the GUI: Router > Static > Static, or if the Advanced Routing feature is disabled, then System > Network > Routes (from memory).

In the CLI: sh router static

Regards, Chris McMullan Fortinet Ottawa
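
The backup-and-search approach hklb suggests, and the reference types listed in the last reply, can be combined into one pass over a configuration backup. This is an added example, not part of the original thread: the tunnel name "to-training" and the sample backup are constructed, and matching a `set` value exactly (so "to-training-p2" is not mistaken for "to-training") is a choice made here.

```python
import shlex
# Constructed sample backup (not from the thread); "to-training" is a made-up tunnel name.
SAMPLE_BACKUP = '''
config vpn ipsec phase1-interface
    edit "to-training"
    next
end
config vpn ipsec phase2-interface
    edit "to-training-p2"
        set phase1name "to-training"
    next
end
config firewall policy
    edit 7
        set srcintf "internal"
        set dstintf "to-training"
    next
end
config router static
    edit 3
        set device "to-training"
    next
end
'''

def find_references(config_text, name):
    """Return (config path, set line) for each 'set' whose value equals name."""
    stack, hits = [], []          # stack of [section, current edit entry]
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:        # unbalanced quote, e.g. inside a certificate
            tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] in ("edit", "next") and stack:
            stack[-1][1] = tok[1] if tok[0] == "edit" and len(tok) > 1 else None
        elif tok[0] == "set" and name in tok[2:]:
            path = " / ".join(f"{s} [{e}]" if e else s for s, e in stack)
            hits.append((path, raw.strip()))
    return hits

if __name__ == "__main__":
    for path, line in find_references(SAMPLE_BACKUP, "to-training"):
        print(f"{path}: {line}")
```

Each line of output names the section and entry that still holds a reference, which is what has to be removed before the Phase 1 can be deleted.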
