IPSec Clear and Show Commands
14-108 Configuring the VPN

IPSec Clear and Show Commands

clear crypto sa

ThiscommanddeletesIPSecSecurityAssociations(SAs)asfollows:
•IftheSAswereestablishedviaIKE,theyaredeletedandfutureIPSectrafficwillrequirenew
SAstobenegotiated.(WhenIKEisused,theIPSecSAsareestablishedonlywhenneeded.)
•ThepeerkeyworddeletesanyIPSecSAsforthespecifiedpeer.
•ThemapkeyworddeletesanyIPSecSAsforthenamedcryptomapset.
•ThecounterskeywordsimplyclearsthetrafficcountersmaintainedforeachSA;itdoesnot
cleartheSAsthemselves.
Syntax
clear crypto sa
clear crypto sa peer {ip-address | peer-name}
clear crypto sa map map-name
clear crypto sa counters
Default
Ifpeer,map,orcounterskeywordsarenotused,allIPSecSAsaredeleted.
Mode
PrivilegedEXEC:XSR#
Example
ThefollowingexampleclearstheSAcountersforallpeers:
XSR#clear crypto sa counters

show access-lists

ThiscommandshowsoneorallaccesslistsdefinedintheXSR.Alternatively,youcanviewthe
packetthresholdafterwhichtheACLviolationslogistriggered.
Syntax
show access-lists number log-update-threshold
Note: If there are many thousands of tunnels in use, this command will use as many system
resources as are available for as long as necessary to complete the task, making the XSR appear
“frozen.”
ip-address SpecifyaremotepeerʹsIPaddress.
peer-name Specifyaremotepeerʹsnameasthefullyqualifieddomainname.
map-name Specifythenameofacryptomapset.