Wednesday, 24 January 2018

How to use the "vpn tu" command for VPN tunnel management?

Answer:
  • The vpn tu command shows the Security Gateway's Main IP address, not the VPN public IP address / Link Selection IP address.
Procedure

Run one of the following commands from the command line of the Security Gateway:

vpn tu or vpn tunnelutil 

This command will bring up a menu for you to choose from.

R77 Output

********** Select Option **********

(1)   List all IKE SAs
(2)   List all IPsec SAs
(3)   List all IKE SAs for a given peer (GW) or user (Client)
(4)   List all IPsec SAs for a given peer (GW) or user (Client)
(5)   Delete all IPsec SAs for a given peer (GW)
(6)   Delete all IPsec SAs for a given User (Client)
(7)   Delete all IPsec+IKE SAs for a given peer (GW)
(8)   Delete all IPsec+IKE SAs for a given User (Client)
(9)   Delete all IPsec SAs for ALL peers and users
(0)   Delete all IPsec+IKE SAs for ALL peers and users

(Q)   Quit

*******************************************


  • If you are not certain what Phase 1 SAs are active on your gateway, select option 1 for all of them or option 3 if you know the IP address of the remote host involved with that SA. 
  • If you are not certain what Phase 2 SAs are active on your gateway, select option 2 for all of them or option 4 if you know the IP address of the remote host involved with that SA. 
  • Once you know which IKE or IPsec SAs exist on your gateway, select from options 5 through 0 in this menu to delete those SAs according to your needs.
  • As a result, you can check which VPN tunnels are established, partially or fully, and existing VPN tunnels can be torn down, which requires them to re-establish their VPN connection.
  • When viewing Security Associations for a specific peer, the IP address must be given in dotted decimal notation. 

1 comment:

  1. I was just seeking this info for a while. After six hours of continuous Googling, finally I got it in your site. I wonder what Google’s issue is! Thank you for the help!
