How to clear ISAKMP and IPSec SAs on Cisco ASA/PIX Firewalls and routers

ISAKMP can help negotiate SAs for security protocols at all seven layers of the network stack. By centralizing the management of the security associations, ISAKMP reduces the amount of duplicated functionality within each security protocol. ISAKMP can also reduce connection setup time by negotiating a whole stack of services at once.

IPsec (Internet Protocol Security) is a set of protocols defined by the IETF (Internet Engineering Task Force) to provide IP security at the network layer.

An IPsec-based VPN is made up of two parts:

* Internet Key Exchange protocol (IKE)
* IPsec protocols (AH/ESP/both)

To display the settings used by the current IPSec SAs, issue the show crypto ipsec sa command.

To display all of the current IKE SAs at a peer, issue the show crypto isakmp sa command.

On a router, use the following commands:

clear crypto isakmp - This command deletes the active IKE security associations.
clear crypto sa - This command deletes the active IPSec security associations.

On Cisco ASA/PIX firewalls, use the following commands:

clear crypto ipsec sa - This command deletes the active IPSec security associations.
clear crypto ipsec sa peer - This command deletes the active IPSec security associations for the specified peer.
clear crypto isakmp sa - This command deletes the active IKE security associations.