Can you please help me understand the difference between the commands:
clear crypto sa
clear crypto session
I understand that clear crypto sa will clear all SA's (phase 1 and phase 2) for a specific peer if you choose. I am understanding that clear crypto session will do that same thing. What is the difference?
I assume you are referring to a Cisco IOS router rather than an ASA?
"clear crypto session" would clear IKEv1 (isakmp)/IKEv2 and IPSec SAs
"clear crypto sa" would clear only the IPSec SAs
To clear just IKEv1 (isakmp) or IKEv2 SAs, you can use the commands:- "clear crypto isakmp" or "clear crypto ikev2 sa"