Manoj Reddy's Reference Guide

clear crypto connection

To terminate an encrypted session in progress, use the clear crypto connection global configuration command.

clear crypto connection connection-id [slot | rsm | vip]

Syntax Description

connection-id 

Identifies the encrypted session to terminate.

slot 

(Optional) Identifies the crypto engine. This argument is available only on Cisco 7200, RSP7000, and 7500 series routers.

If no slot is specified, the Cisco IOS crypto engine will be selected.

Use the chassis slot number of the crypto engine location. For the Cisco IOS crypto engine, this is the chassis slot number of the Route Switch Processor (RSP). For the VIP2 crypto engine, this is the chassis slot number of the VIP2. For the ESA crypto engine, this is the chassis slot number of the ESA (Cisco 7200) or of the VIP2 (Cisco RSP7000 and 7500).

rsm

(Optional) This keyword is only available on the Cisco Catalyst 5000 series switch. It identifies the Route Switch Module on the Cisco Catalyst 5000 series switch.

vip

(Optional) This keyword is only available on the Cisco Catalyst 5000 series switch. It identifies the Versatile Interface Processor on the Cisco Catalyst 5000 series switch.

Defaults

None

Command Modes

Global configuration

Command History

Release    Modification
11.2       This command was introduced.
12.0       The following arguments and keywords were added:

  • slot
  • rsm
  • vip

Usage Guidelines

Use this command to terminate an encrypted session currently in progress. Encrypted sessions will normally terminate when the session times out. Use the show crypto cisco connections command to learn the connection-id value.

Examples

The following example clears a pending encrypted session. (You could also clear an established encrypted session in the same way.)

Router1# show crypto cisco connections
Pending Connection Table
PE              UPE             Timestamp             Conn_id
192.168.3.10    192.168.204.100 Mar 01 1993 00:01:09  -1

Connection Table
PE              UPE             Conn_id New_id  Alg     Time        Slot
192.168.3.10    192.168.204.100 -1      1       0       Not Set     4
                flags:PEND_CONN 

Router1# clear crypto connection -1
Router1# show crypto cisco connections
Connection Table
PE              UPE             Conn_id New_id  Alg     Time
192.168.3.10    192.168.204.100 0       0       0       Mar 01 1993 00:02:00
                flags:BAD_CONN 

Router1#

First, the show crypto cisco connections command is issued to learn the connection-id for the pending connection (-1). This value is then used to specify which connection to clear.

Notice that after the connection is cleared, the Pending Connection Table containing the connection entry (connection-id of -1) has disappeared from the show crypto cisco connections output. Also, the Connection Table no longer shows a -1 Conn_id.
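For auditing which sessions are still pending, the show crypto cisco connections output can be parsed offline. The following Python sketch is an added example, not part of the original Cisco documentation; it assumes the column layout matches the sample output on this page, and the function names are hypothetical.

```python
import re

# Output copied from the "before" half of the example on this page.
SAMPLE = """\
Pending Connection Table
PE              UPE             Timestamp             Conn_id
192.168.3.10    192.168.204.100 Mar 01 1993 00:01:09  -1

Connection Table
PE              UPE             Conn_id New_id  Alg     Time        Slot
192.168.3.10    192.168.204.100 -1      1       0       Not Set     4
                flags:PEND_CONN
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROW = re.compile(rf"^{IP}\s+{IP}\s+(-?\d+)\s+(-?\d+)\s+(\d+)\s+(.+)$")

def parse_connection_table(text):
    """Parse only the 'Connection Table' section; attach each flags line to its row."""
    entries, in_table, has_slot = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Connection Table"):
            in_table = line == "Connection Table"   # skip "Pending Connection Table"
        elif not in_table or not line:
            continue
        elif line.startswith("PE"):
            has_slot = line.split()[-1] == "Slot"   # Slot column is not always shown
        elif line.startswith("flags:") and entries:
            entries[-1]["flags"] = line[len("flags:"):].split()
        elif (m := ROW.match(line)):
            rest, slot = m[6].strip(), None
            parts = rest.rsplit(None, 1)
            if has_slot and len(parts) == 2 and parts[1].isdigit():
                rest, slot = parts[0], int(parts[1])
            entries.append({"pe": m[1], "upe": m[2], "conn_id": int(m[3]),
                            "new_id": int(m[4]), "alg": int(m[5]),
                            "time": rest, "slot": slot, "flags": []})
    return entries

def pending_clear_commands(text):
    """Build the clear command for every row still flagged PEND_CONN."""
    return [f"clear crypto connection {e['conn_id']}"
            for e in parse_connection_table(text) if "PEND_CONN" in e["flags"]]

if __name__ == "__main__":
    for cmd in pending_clear_commands(SAMPLE):
        print(cmd)
```
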

Related Commands

Command                          Description
show crypto cisco connections    Displays current and pending encrypted session connections.


All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.