Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9318
Views
10
Helpful
2
Replies

Difference between clear crypto sa and clear crypto session

erase startup reload
Level 1
Level 1

‎11-12-2019 07:08 AM

Hello,

 

Can you please help me understand the difference between the commands:

clear crypto sa

&

clear crypto session

 

I understand that clear crypto sa will clear all SA's (phase 1 and phase 2) for a specific peer if you choose. I am understanding that clear crypto session will do that same thing. What is the difference?

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎11-12-2019 07:38 AM

Hi,
I assume you are referring to a Cisco IOS router rather than an ASA?

 

"clear crypto session" would clear IKEv1 (isakmp)/IKEv2 and IPSec SAs

"clear crypto sa" would clear only the IPSec SAs

 

To clear just IKEv1 (isakmp) or IKEv2 SAs, you can use the commands:- "clear crypto isakmp" or "clear crypto ikev2 sa"

 

HTH

erase startup reload
Level 1
Level 1
In response to Rob Ingram

‎11-12-2019 10:57 AM

Awesome thank you! That makes sense then. Yes, this would be on a router.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents