clear crypto sa




clear crypto sa

clear crypto sa peer {ip-address | peer-name}

clear crypto sa map map-name

clear crypto sa entry destination-address protocol spi

clear crypto sa counters

Syntax Description:

peer Deletes any IPSec security associations for the specified peer.
ip-address Specifies a remote peer's IP address.
peer-name Specifies a remote peer's name as the fully qualified domain name, for example
map Deletes any IPSec security associations for the named crypto map set.
map-name Specifies the name of a crypto map set.
entry Deletes the IPSec security association with the specified address, protocol, and SPI.
destination-address Specifies the IP address of your peer or the remote peer.
protocol Specifies either the Encapsulation Security Protocol or Authentication Header.
spi Specifies an SPI (found by displaying the security association database).
counters Clears the traffic counters maintained for each security association; counters does not clear the security associations themselves.

Command Description:

To delete IP Security security associations, use the clear crypto sa EXEC command.


The following example clears (and reinitializes if appropriate) all IPSec security associations at the router:

Router#clear crypto sa

The following example clears (and reinitializes if appropriate) the inbound and outbound IPSec security associations established along with the security association established for address using the AH protocol with the SPI of 256:

Router#clear crypto sa entry AH 256



Related commands:


� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)