Clear crypto ipsec sa – ADTRAN 5000 Series User Manual

Command Reference Guide

Enable Mode Command Set

61200990L1-35E

Copyright © 2005 ADTRAN

45

clear crypto ipsec sa

Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including
active ones.

Variations of this command include the following:

clear crypto ipsec sa

clear crypto ipsec sa entry <ip address> ah <SPI>

clear crypto ipsec sa entry <ip address> esp <SPI>

clear crypto ipsec sa map <map name>

clear crypto ipsec sa peer <ip address>

Syntax Description

entry <ip address>

Clears only the SAs related to a certain destination IP address.

ah <SPI>

Clears only a portion of the SAs by specifying the authentication header (AH)
protocol and a security parameter index (SPI). You can determine the correct SPI
value using the show crypto ipsec sa command.

esp <SPI>

Clears only a portion of the SAs by specifying the encapsulating security payload
(ESP) protocol and an SPI. You can determine the correct SPI value using the
show crypto ipsec sa command.

map <map name>

Clears only the SAs associated with the crypto map name given.

peer <ip address>

Clears only the SAs associated with the far-end peer IP address given.

Default Values

No default value necessary for this command.

Applicable Platforms

This command applies to the NetVanta 300, 1000R, 2000, 3000, 4000, and 5000 and Total Access 900
Series units.

Command History

Release 4.1

Command was introduced.