27-27
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 27 Configuring IPSec and ISAKMP
Clearing Security Associations
Clearing Security Associations
Certain configuration changes take effect only during the negotiation of subsequent SAs. If you want the
new settings to take effect immediately, clear the existing SAs to reestablish them with the changed
configuration. If the security appliance is actively processing IPSec traffic, clear only the portion of the
SA database that the configuration changes affect. Reserve clearing the full SA database for large-scale
changes, or when the security appliance is processing a small amount of IPSec traffic.
Table 27-6 lists commands you can enter to clear and reinitialize IPSec SAs.
Clearing Crypto Map Configurations
The clear configure crypto command includes arguments that let you remove elements of the crypto
configuration, including IPSec, crypto maps, dynamic crypto maps, CA trustpoints, all certificates,
certificate map configurations, and ISAKMP.
Table 27-5 Commands to View IPSec Configuration Information
Command Purpose
show running-configuration crypto Displays the entire crypto configuration,
including IPSec, crypto maps, dynamic crypto
maps, and ISAKMP.
show running-config crypto ipsec Displays the complete IPSec configuration.
show running-config crypto isakmp Displays the complete ISAKMP configuration.
show running-config crypto map Displays the complete crypto map configuration.
show running-config crypto dynamic-map Displays the dynamic crypto map configuration.
show all crypto map View all of the configuration parameters,
including those with default values.
Table 27-6 Commands to Clear and Reinitialize IPSec SAs
Command Purpose
clear configure crypto Removes an entire crypto configuration, including IPSec,
crypto maps, dynamic crypto maps, and ISAKMP.
clear configure crypto ca trustpoint Removes all trustpoints.
clear configure crypto dynamic-map Removes all dynamic crypto maps. Includes keywords that
let you remove specific dynamic crypto maps.
clear configure crypto map Removes all crypto maps. Includes keywords that let you
remove specific crypto maps.
clear configure crypto isakmp Removes the entire ISAKMP configuration.
clear configure crypto isakmp policy Removes all ISAKMP policies or a specific policy.
clear crypto isakmp sa Removes the entire ISAKMP SA database.
To Next Page
Loading...
Need help?
General