clear security ipsec security-associations

Syntax

Description

Clear information about IPsec security associations (SAs).

Options

none—Clear all IPsec SAs.
family—(Optional) Clear SAs by family.
- inet—IPv4 address family.
- inet6—IPv6 address family.
fpc slot-number—Clear information about existing IPsec SAs in this Flexible PIC Concentrator (FPC) slot. Specific to SRX Series Firewalls.
index SA-index-number—(Optional) Clear the IPsec SA with this index number.
kmd-instance—Clear information about existing IPsec SAs in the key management process (the daemon, which in this case is KMD) identified by FPC slot-number and PIC slot-number Specific to SRX Series Firewalls.
- all—All KMD instances running on the Services Processing Unit (SPU).
- kmd-instance-name—Name of the KMD instance running on the SPU.

node-local—(Optional) Clear information about IPsec SAs for node-local tunnels in a Multinode High Availability setup.

pic slot-number—Clear information about existing IPsec SAs in this PIC slot. Specific to SRX Series Firewalls.
ha-link-encryption—(Optional) Clear information about IPsec SAs for interchassis link tunnel only. See ipsec (High Availability). When you enable High Availability feature, you cannot delete customer tunnels on the backup node.
sa-type shortcut—(Optional) It's applicable for ADVPN. Clear information about IPsec SAs by type shortcut.
srg-id—(Optional) Clear statistics related to a specific services redundancy group (SRG) in a Multinode High Availability setup..

Required Privilege Level

clear

Output Fields

This command produces no output.

Release Information

Command introduced in Junos OS Release 8.5. The fpc,pic,and kmd-instance options added in Junos OS Release 9.3. The family option added in Junos OS Release 11.1.

Support for the ha-link-encryption option added in Junos OS Release 20.4R1.

Support for the srg-id option added in Junos OS Release 22.4R1.

Support for the node-local option added in Junos OS Release 23.2R1.

ON THIS PAGE