?
Solved

Cisco PIX 7.1(1) clearing / dropping / killing / logout a specific isakmp point to point tunnel

Posted on 2006-06-15
3
Medium Priority
?
430 Views
Last Modified: 2013-11-16
Hi:  When you do a

show isakmp sa

you get something back like

73  IKE Peer: 111.222.111.222
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

There is a clear isakmp sa command but it will clear ALL isakmp sessions.  Is there any way to clear just the one (#73) session in this case?

Thanks in advance
0
Comment
Question by:ort11
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
renill earned 1000 total points
ID: 16919357
clear ipsec sa

To clear IPSec SAs entirely or based on specified parameters, use the clear ipsec sa command in global configuration and privileged EXEC modes. You can also use an alternate form: clear crypto ipsec sa.

clear ipsec sa [counters | entry peer-addr protocol spi | peer peer-addr | map map-name]
Syntax Description
counters  (Optional) Clears all counters.
entry (Optional) Clears IPSec SAs for a specified IPSec peer, protocol and SPI.
map map-name (Optional) Clears IPSec SAs for the specified crypto map.
peer (Optional) Clears IPSec SAs for a specified peer.
peer-addr Specifies the IP address of an IPSec peer.
protocol Specifies an IPSec protocol: esp or ah.
spi Specifies an IPSec SPI.

clear ipsec sa peer-addr 111.222.111.222

check this out..
0
 
LVL 1

Author Comment

by:ort11
ID: 16942356
Cool, will check this out and get back.
0
 
LVL 1

Author Comment

by:ort11
ID: 16961279
clear ipsec sa peer 111.222.111.222

seems to work fine.  have to leave out the -addr

thanks
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question