Clearing Security Associations - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 27
Configuring IPSec and ISAKMP
Table 27-5
Command
show running-configuration crypto
show running-config crypto ipsec
show running-config crypto isakmp
show running-config crypto map
show running-config crypto dynamic-map
show all crypto map
Clearing Security Associations
Certain configuration changes take effect only during the negotiation of subsequent SAs. If you want the
new settings to take effect immediately, clear the existing SAs to reestablish them with the changed
configuration. If the security appliance is actively processing IPSec traffic, clear only the portion of the
SA database that the configuration changes affect. Reserve clearing the full SA database for large-scale
changes, or when the security appliance is processing a small amount of IPSec traffic.
Table 27-6
Table 27-6
Command
clear configure crypto
clear configure crypto ca trustpoint
clear configure crypto dynamic-map
clear configure crypto map
clear configure crypto isakmp
clear configure crypto isakmp policy
clear crypto isakmp sa
Clearing Crypto Map Configurations
The clear configure crypto command includes arguments that let you remove elements of the crypto
configuration, including IPSec, crypto maps, dynamic crypto maps, CA trustpoints, all certificates,
certificate map configurations, and ISAKMP.
OL-10088-01
Commands to View IPSec Configuration Information
lists commands you can enter to clear and reinitialize IPSec SAs.
Commands to Clear and Reinitialize IPSec SAs
Purpose
Displays the entire crypto configuration,
including IPSec, crypto maps, dynamic crypto
maps, and ISAKMP.
Displays the complete IPSec configuration.
Displays the complete ISAKMP configuration.
Displays the complete crypto map configuration.
Displays the dynamic crypto map configuration.
View all of the configuration parameters,
including those with default values.
Purpose
Removes an entire crypto configuration, including IPSec,
crypto maps, dynamic crypto maps, and ISAKMP.
Removes all trustpoints.
Removes all dynamic crypto maps. Includes keywords that
let you remove specific dynamic crypto maps.
Removes all crypto maps. Includes keywords that let you
remove specific crypto maps.
Removes the entire ISAKMP configuration.
Removes all ISAKMP policies or a specific policy.
Removes the entire ISAKMP SA database.
Cisco Security Appliance Command Line Configuration Guide
Clearing Security Associations
27-27
Advertisement
Table of Contents
Troubleshooting
