Cisco Systems C7200 manual Step, Command, Purpose, Router# clear crypto sa spi destination-address

Step

Command

Purpose

Step 1

Router# enable

Enables privileged EXEC mode. Enter your password if

prompted.

Step 2

Router# configure terminal

Enters global configuration mode.

Step 3

Router(config)# crypto ipsec

Changes global lifetime values used when negotiating

security-association lifetime seconds seconds

IPSec security associations (SAs). To reset a lifetime to

the default value, use the no form of this command.

Specifies the number of seconds a security association

will live before expiring. The default is 3600 seconds (one

hour).

Step 4

Router(config)# crypto ipsec

Changes the global “traffic-volume” lifetime for IPSec

security-association lifetime kilobytes

SAs.

kilobytes

Specifies the volume of traffic (in kilobytes) that can pass

between IPSec peers using a given security association

before that security association expires. The default is

4,608,000 kilobytes.

Step 5

Router# clear crypto sa

(Optional) Clears existing security associations. This

or

causes any existing security associations to expire

immediately; future security associations will use the new

Router# clear crypto sa peer {ip-address

lifetimes. Otherwise, any existing security associations

peer-name}

will expire according to the previously configured

or

lifetimes.

Note Using the clear crypto sa command without

Router# clear crypto sa map map-name

parameters will clear out the full SA database,

or

which will clear out active security sessions. You

may also specify the peer, map, or spi keywords

Router# clear crypto sa spi destination-address

to clear out only a subset of the SA database. For

protocol spi

more information, see the clear crypto sa

command.

OL-9129-02

4-9