clear Command
The clear command allows you to remove current settings. You must be very careful when
using the clear command to ensure that you do not remove portions of your configuration
that are needed. The most common use of the clear command for troubleshooting VPN
connectivity is to clear current sessions and force them to regenerate. Table 13-7 explains the
two clear commands used to troubleshoot VPN connectivity.
debug Command
The debug command lets you watch the VPN negotiation take place. This command is
available only from configuration mode on the PIX and will not display any output in a
Telnet session. Table 13-8 explains the two debug commands most commonly used to
troubleshoot VPN connectivity.
spi: 0x50b98b5(84646069)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 1, crypto map: Chapter11
sa timing: remaining key lifetime (k/sec): (460800/21)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x9a46ecae(2588339374)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2, crypto map: Chapter11
sa timing: remaining key lifetime (k/sec): (460800/21)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
Table 13-7 clear Commands

Command                     Description
clear isakmp sa             Removes all ISAKMP statements from the configuration
clear [crypto] isakmp sa    Clears all active ISAKMP SAs
clear [crypto] ipsec sa     Clears all active IPSec SAs
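
Before clearing SAs to force a renegotiation, it helps to confirm which SAs exist and how close they are to expiry. The following Python sketch is an added example, not code from the book: it parses the IPSec SA listing shown above and reports a missing or nearly expired ESP SA. The function names and the 30-second threshold are assumptions made for illustration.

```python
import re

# Abridged from the listing on this page; the "inbound esp sas:" header is
# constructed, because the printed output begins after that line.
SAMPLE = """\
inbound esp sas:
spi: 0x50b98b5(84646069)
transform: esp-3des esp-md5-hmac ,
slot: 0, conn id: 1, crypto map: Chapter11
sa timing: remaining key lifetime (k/sec): (460800/21)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x9a46ecae(2588339374)
transform: esp-3des esp-md5-hmac ,
slot: 0, conn id: 2, crypto map: Chapter11
sa timing: remaining key lifetime (k/sec): (460800/21)
outbound ah sas:
"""

SECTION = re.compile(r"^(inbound|outbound) (esp|ah|pcp) sas:$")
SPI = re.compile(r"^spi: (0x[0-9a-fA-F]+)\(\d+\)$")
LIFETIME = re.compile(r"remaining key lifetime \(k/sec\): \((\d+)/(\d+)\)")

def parse_sas(text):
    """Return one dict per SA listed under an inbound/outbound section header."""
    sas, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section = m.groups()
        elif (m := SPI.match(line)) and section:
            sas.append({"direction": section[0], "protocol": section[1],
                        "spi": int(m.group(1), 16), "transforms": [], "sec_left": None})
        elif line.startswith("transform:") and sas:
            sas[-1]["transforms"] = line.split(":", 1)[1].strip(" ,").split()
        elif (m := LIFETIME.search(line)) and sas:
            sas[-1]["kb_left"], sas[-1]["sec_left"] = map(int, m.groups())
    return sas

def tunnel_problems(sas, min_seconds=30):
    """Reasons the ESP SA pair looks unhealthy; an empty list means none found."""
    problems = []
    for direction in ("inbound", "outbound"):
        esp = [s for s in sas if (s["direction"], s["protocol"]) == (direction, "esp")]
        if not esp:
            problems.append(f"no {direction} esp SA")
        problems += [f"{direction} spi {s['spi']:#x} expires in {s['sec_left']}s"
                     for s in esp if s["sec_left"] is not None and s["sec_left"] < min_seconds]
    return problems
```

Run against the listing above, both ESP SAs are reported as 21 seconds from expiry, so a rekey is already imminent without any clear command.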