Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring IPsec and ISAKMP
Clearing Security Associations
Certain configuration changes take effect only during the negotiation of subsequent SAs. If you want the
new settings to take effect immediately, clear the existing SAs to reestablish them with the changed
configuration. If the ASA is actively processing IPsec traffic, clear only the portion of the SA database
that the configuration changes affect. Reserve clearing the full SA database for large-scale changes, or
when the ASA is processing a small amount of IPsec traffic.
Table 1-7 lists commands you can enter to clear and reinitialize IPsec SAs in either single or multiple
context mode.
Table 1-6 Commands to View IPsec Configuration Information

Command                                 Purpose
show running-configuration crypto       Displays the entire crypto configuration, including IPsec, crypto maps, dynamic crypto maps, and ISAKMP.
show running-config crypto ipsec        Displays the complete IPsec configuration.
show running-config crypto isakmp       Displays the complete ISAKMP configuration.
show running-config crypto map          Displays the complete crypto map configuration.
show running-config crypto dynamic-map  Displays the dynamic crypto map configuration.
show all crypto map                     Displays all of the configuration parameters, including those with default values.
show crypto ikev2 sa detail             Shows the Suite B algorithm support in the Encryption statistics.
show crypto ipsec sa                    Shows the Suite B algorithm support and the ESPv3 IPsec output in either single or multiple context mode.
show ipsec stats                        Shows information about the IPsec subsystem in either single or multiple context mode. ESPv3 statistics are shown in TFC packets and valid and invalid ICMP errors received.

Table 1-7 Commands to Clear and Reinitialize IPsec SAs

Command                                 Purpose
clear configure crypto                  Removes an entire crypto configuration, including IPsec, crypto maps, dynamic crypto maps, and ISAKMP.
clear configure crypto ca trustpoint    Removes all trustpoints.
clear configure crypto dynamic-map      Removes all dynamic crypto maps. Includes keywords that let you remove specific dynamic crypto maps.
clear configure crypto map              Removes all crypto maps. Includes keywords that let you remove specific crypto maps.
clear configure crypto isakmp           Removes the entire ISAKMP configuration.