Clearing crypto map configurations, Supporting the nokia vpn client – Cisco ASA 5505 User Manual
Page 1387
64-35
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 64 Configuring IPsec and ISAKMP
Clearing Crypto Map Configurations
Clearing Crypto Map Configurations
The clear configure crypto command includes arguments that let you remove elements of the crypto
configuration, including IPsec, crypto maps, dynamic crypto maps, CA trustpoints, all certificates,
certificate map configurations, and ISAKMP.
Be aware that if you enter the clear configure crypto command without arguments, you remove the
entire crypto configuration, including all certificates.
For more information, see the clear configure crypto command in the command reference.
Supporting the Nokia VPN Client
The ASA supports connections from Nokia VPN clients on Nokia 92xx Communicator series phones
using the Challenge/Response for Authenticated Cryptographic Keys (CRACK) protocol. CRACK is
ideal for mobile IPsec-enabled clients that use legacy authentication techniques instead of digital
certificates. It provides mutual authentication when the client uses a legacy-based secret-key
authentication technique such as RADIUS and the gateway uses public-key authentication.
The Nokia back-end services must be in place to support both Nokia clients and the CRACK protocol.
This requirement includes the Nokia Security Services Manager (NSSM) and Nokia databases as shown
in
clear configure crypto map
Removes all crypto maps. Includes keywords that let you
remove specific crypto maps.
clear configure crypto isakmp
Removes the entire ISAKMP configuration.
clear configure crypto isakmp policy
Removes all ISAKMP policies or a specific policy.
clear crypto isakmp sa
Removes the entire ISAKMP SA database.
Table 64-7
Commands to Clear and Reinitialize IPsec SAs (continued)
Command
Purpose