Clears all or specific IPSec SAs (Security Association structures).
Syntax
clear crypto sa [all | list crypto_list_id | peer peer_ip_address | spi peer_ip_address esp spi number]
Parameters
Parameter
Description
Possible Values
Default Value
all
Keyword specifying that all IPSec SAs should be cleared
list
Keyword specifying that all crypto IPSec SAs associated with crypto_list_id should be cleared
peer
Keyword specifying that all crypto IPSec SAs associated with crypto peer having the address peer_ip_address should be cleared
spi
Keyword specifying that all crypto IPSec SAs associated with peer_ip_address and spi should be cleared. SPI is the ID of a specific SA, and can be learned by running show crypto ipsec sa.
User level
read-write
Context
general
Examples
To clear all IPSec SAs:
Gxxx-001(super)# clear crypto sa all
To clear IPSec SA with peer IP address 1.0.0.2 and SPI number 70045:
Gxxx-001(super)# clear crypto sa spi 1.0.0.2 esp 70045
