Command Reference Guide
SROS Command Line Interface Reference Guide Enable Mode Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 29
clear crypto ipsec sa
Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including
active ones.
Variations of this command include the following:
clear crypto ipsec sa
clear crypto ipsec sa entry <ip address> ah <SPI>
clear crypto ipsec sa entry <ip address> esp <SPI>
clear crypto ipsec sa map <map name>
clear crypto ipsec sa peer <ip address>
Syntax Description
entry
<ip address>
Clear only the SAs related to a certain destination IP address.
ah
<SPI>
Clear only a portion of the SAs by specifying the AH (authentication header)
protocol and a security parameter index (SPI). You can determine the correct SPI
value using the show crypto ipsec sa command.
esp
<SPI>
Clear only a portion of the SAs by specifying the ESP (encapsulating security
payload) protocol and a security parameter index (SPI). You can determine the
correct SPI value using the show crypto ipsec sa command.
map
<map name>
Clear only the SAs associated with the crypto map name given.
peer
<ip address>
Clear only the SAs associated with the far-end peer IP address given.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode