HP 7102dl - ProCurve Secure Router Configuration Manual page 565

If you determine that a VPN connection has been established that should not
have been, you can enter one of these enable mode commands to terminate it:
Syntax: clear crypto ipsec sa entry <A.B.C.D> [ah | esp] <SPI>
Syntax: clear crypto ipsec sa peer <A.B.C.D>
Use the entry keyword to clear one of the SAs that displays when you enter
the show crypto ipsec sa command. You can also find the SPI and the
protocol in the display.
Use this command to clear all IPSec SAs established using a specific
crypto map:
Syntax: clear crypto ipsec sa map <mapname>
For example, if you change the security policies defined in a crypto map, you
must clear SAs already established using the map in order for the new settings
to take effect.
You can clear all IPSec SAs on the router with this command:
Syntax: clear crypto ipsec sa
To clear IKE SAs, enter this command:
Syntax: clear crypto ike sa [<policy number>]
If you only want to clear the IKE SAs associated with a particular IKE policy,
enter the number of that policy. For example, when you change the security
policies in an IKE policy, you should clear any SAs already established using
the old policies.
You can use show commands displayed in Table 10-22 to view:
IKE and IPSec SAs
IKE policies
transform sets
crypto maps
remote ID and preshared key list
client configuration pools
ACLs
Virtual Private Networks
Monitoring a VPN
10-71