Solved

Cisco PIX 7.1(1) clearing / dropping / killing / logout a specific isakmp point to point tunnel

Posted on 2006-06-15
3
396 Views
Last Modified: 2013-11-16
Hi:  When you do a

show isakmp sa

you get something back like

73  IKE Peer: 111.222.111.222
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

There is a clear isakmp sa command but it will clear ALL isakmp sessions.  Is there any way to clear just the one (#73) session in this case?

Thanks in advance
0
Comment
Question by:ort11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
renill earned 250 total points
ID: 16919357
clear ipsec sa

To clear IPSec SAs entirely or based on specified parameters, use the clear ipsec sa command in global configuration and privileged EXEC modes. You can also use an alternate form: clear crypto ipsec sa.

clear ipsec sa [counters | entry peer-addr protocol spi | peer peer-addr | map map-name]
Syntax Description
counters  (Optional) Clears all counters.
entry (Optional) Clears IPSec SAs for a specified IPSec peer, protocol and SPI.
map map-name (Optional) Clears IPSec SAs for the specified crypto map.
peer (Optional) Clears IPSec SAs for a specified peer.
peer-addr Specifies the IP address of an IPSec peer.
protocol Specifies an IPSec protocol: esp or ah.
spi Specifies an IPSec SPI.

clear ipsec sa peer-addr 111.222.111.222

check this out..
0
 
LVL 1

Author Comment

by:ort11
ID: 16942356
Cool, will check this out and get back.
0
 
LVL 1

Author Comment

by:ort11
ID: 16961279
clear ipsec sa peer 111.222.111.222

seems to work fine.  have to leave out the -addr

thanks
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Here's a look at newsworthy articles and community happenings during the last month.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question