clear crypto ipsec sa
To delete specific security associations (SAs), or all SAs in the IP Security (IPSec) security associations database (SADB), use the clear crypto ipsec sa command.
clear crypto ipsec sa {sa-id | all | counters | {sa-id | all} | interface tunnel-ipsec}
Syntax Description
sa-id |
Identifier for the SA. IPSec supports from 1 to 64,500 sessions. |
all |
Deletes all IPSec SAs in the IPSec SADB. |
counters |
Clears the counters in the IPSec SADB. |
interface |
Clears the interfaces in the IPSec SADB. |
tunnel-ipsec |
The range of tunnel-ipsec is <0-4294967295>. |
Command Default
No default behavior or values
Command Modes
EXEC
Command History
Release |
Modification |
---|---|
Release 7.0.12 |
This command was introduced. |
Usage Guidelines
SAs are established to secure data flows in IPSec. Use the clear crypto ipsec sa command to delete active IPSec sessions or force IPSec to reestablish new SAs. Usually, the establishment of SAs is negotiated between peers through Internet Key Exchange (IKE) on behalf of IPSec.
Task ID
Task ID |
Operations |
---|---|
crypto |
execute |
Examples
The following example shows how to remove the SA with ID 100 from the SADB:
RP/0/RP0RSP0/CPU0:router# clear crypto ipsec sa 100