Command:

clear crypto sa

Mode:

Router>
Router#


Syntax:

clear crypto sa

clear crypto sa peer {ip-address | peer-name}

clear crypto sa map map-name

clear crypto sa entry destination-address protocol spi

clear crypto sa counters


Syntax Description:

peer Deletes any IPSec security associations for the specified peer.
ip-address Specifies a remote peer's IP address.
peer-name Specifies a remote peer's name as the fully qualified domain name, for example remotepeer.example.com.
map Deletes any IPSec security associations for the named crypto map set.
map-name Specifies the name of a crypto map set.
entry Deletes the IPSec security association with the specified address, protocol, and SPI.
destination-address Specifies the IP address of your peer or the remote peer.
protocol Specifies either the Encapsulation Security Protocol or Authentication Header.
spi Specifies an SPI (found by displaying the security association database).
counters Clears the traffic counters maintained for each security association; counters does not clear the security associations themselves.

Command Description:

To delete IP Security security associations, use the clear crypto sa EXEC command.


Example:

The following example clears (and reinitializes if appropriate) all IPSec security associations at the router:

Router#clear crypto sa

The following example clears (and reinitializes if appropriate) the inbound and outbound IPSec security associations established along with the security association established for address 10.0.0.1 using the AH protocol with the SPI of 256:

Router#clear crypto sa entry 10.0.0.1 AH 256


Misconceptions:

None.


Related commands:

None.

� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)