auth-algorithm ( multiple choice, read-only: none | md5 | sha1 ) - authentication algorithm used in SA
auth-key ( read-only: text ) - authentication key presented in form of hex string
current-addtime ( read-only: text ) - time when this SA was installed
current-bytes ( read-only: integer ) - amount of data processed by this SA's crypto algorithms
current-usetime ( read-only: text ) - time when this SA was first used
direction ( multiple choice, read-only: in | out ) - SA direction
dst-address ( read-only: IP address ) - destination address of SA taken from respective policy
enc-algorithm ( multiple choice, read-only: none | des | 3des | aes ) - encryption algorithm used in SA
enc-key ( read-only: text ) - encryption key presented in form of hex string (not applicable to AH SAs)
lifebytes ( read-only: integer ) - soft/hard expiration threshold for amount of processed data
replay ( read-only: integer ) - size of replay window presented in bytes. This window protects the receiver against replay attacks by rejecting old or duplicate packets.
spi ( read-only: integer ) - SPI value of SA, represented in hexadecimal form
src-address ( read-only: IP address ) - source address of SA taken from respective policy
state ( multiple choice, read-only: larval | mature | dying | dead ) - SA living phase
use-lifetime ( read-only: time ) - soft/hard expiration time counted from the first use of SA
Example
Sample printout looks as follows:
[admin@WiFi] ip ipsec> installed-sa print
Flags: A - AH, E - ESP, P - pfs, M - manual
0 E
spi=E727605 direction=in src-address=10.0.0.148
dst-address=10.0.0.147 auth-algorithm=sha1 enc-algorithm=3des
replay=4 state=mature
auth-key="ecc5f4aee1b297739ec88e324d7cfb8594aa6c35"
enc-key="d6943b8ea582582e449bde085c9471ab0b209783c9eb4bbd"
add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0
current-addtime=jan/28/2003 20:55:12
current-usetime=jan/28/2003 20:55:23 current-bytes=128
1 E
spi=E15CEE06 direction=out src-address=10.0.0.147
dst-address=10.0.0.148 auth-algorithm=sha1 enc-algorithm=3des
replay=4 state=mature
auth-key="8ac9dc7ecebfed9cd1030ae3b07b32e8e5cb98af"
enc-key="8a8073a7afd0f74518c10438a0023e64cc660ed69845ca3c"
add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0
current-addtime=jan/28/2003 20:55:12
current-usetime=jan/28/2003 20:55:12 current-bytes=512
[admin@WiFi] ip ipsec>
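The printout above includes the authentication and encryption keys of every installed SA, so it should be masked before it is logged or shared. The following is an added example, not part of the MikroTik manual: it parses the printout format, derives key lengths from the hex strings, and masks the keys. The sample data is constructed, and the function names and the weak-algorithm list are assumptions of this example.

```python
import re

# Constructed sample in the same layout as the printout above (keys are made up).
SAMPLE = '''Flags: A - AH, E - ESP, P - pfs, M - manual
 0 E
   spi=0A1B2C3D direction=in src-address=192.0.2.2
   dst-address=192.0.2.1 auth-algorithm=sha1 enc-algorithm=3des
   replay=4 state=mature
   auth-key="00112233445566778899aabbccddeeff00112233"
   enc-key="000102030405060708090a0b0c0d0e0f1011121314151617"
   add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0
 1 E
   spi=0A1B2C3E direction=out src-address=192.0.2.1
   dst-address=192.0.2.2 auth-algorithm=md5 enc-algorithm=des
   replay=4 state=dying
   auth-key="00112233445566778899aabbccddeeff"
   enc-key="0001020304050607"
'''

ENTRY = re.compile(r'^\s*(\d+)((?:\s+[AEPM])*)\s*$')  # entry header, e.g. " 0 E"
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')          # name=value or name="value"
WEAK = {'auth-algorithm': ('md5',), 'enc-algorithm': ('des',)}  # assumed policy

def parse_installed_sa(text):
    """Return one dict per SA: id, flags and every name=value property."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({'id': int(m.group(1)), 'flags': m.group(2).split()})
        elif entries:
            for k, v in PAIR.findall(line):
                entries[-1][k] = v.strip('"')
    return entries

def key_bits(sa, field):
    """Key length in bits, derived from the hex string (0 if the field is absent)."""
    return len(sa.get(field, '')) * 4

def redact(text):
    """Mask auth-key/enc-key values so the printout can be logged or shared."""
    return re.sub(r'\b(auth-key|enc-key)="[0-9a-fA-F]*"', r'\1="<redacted>"', text)

def review(sa):
    """Findings for one SA: algorithms on the WEAK list and any state but mature."""
    findings = [f"{f}={sa[f]}" for f, bad in WEAK.items() if sa.get(f) in bad]
    if sa.get('state') != 'mature':
        findings.append(f"state={sa.get('state')}")
    return findings
```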
Flushing Installed SA Table
Command name: /ip ipsec installed-sa flush
Description
Sometimes after incorrect/incomplete negotiations took place, it is required to flush manually the
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registered trademarks mentioned herein are properties of their respective owners.