SROS Command Line Interface Reference Guide

Enable Mode Command Set

 

 

clear crypto ipsec sa

Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including active ones.

Variations of this command include the following:

clear crypto ipsec sa

clear crypto ipsec sa entry <ip address> ah <SPI> clear crypto ipsec sa entry <ip address> esp <SPI> clear crypto ipsec sa map <map name>

clear crypto ipsec sa peer <ip address>

Syntax Description

entry <ip address>

Clear only the SAs related to a certain destination IP address.

ah <SPI>

Clear only a portion of the SAs by specifying the AH (authentication header)

 

protocol and a security parameter index (SPI). You can determine the correct SPI

 

value using the show crypto ipsec sa command.

esp <SPI>

Clear only a portion of the SAs by specifying the ESP (encapsulating security

 

payload) protocol and a security parameter index (SPI). You can determine the

 

correct SPI value using the show crypto ipsec sa command.

map <map name>

Clear only the SAs associated with the crypto map name given.

peer <ip address>

Clear only the SAs associated with the far-end peer IP address given.

Default Values

No default value necessary for this command.

Command Modes

#

Enable Command Mode

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

29

Page 28 Page 30
Page 29
Image 29
HP 7000 dl Router manual Clear crypto ipsec sa
Page 28 Page 30
Top Page Image Contents