clear security ike security-associations

Syntax

Description

Clear information about the current Internet Key Exchange security associations (IKE SAs). For IKEv2, the device clears the information about the IKE SAs and the associated IPSec SA.

Options

none—Clear all IKE SAs.
peer-address —(Optional) Clear IKE SAs for the destination peer at this IP address.
family—(Optional) Clear IKE SAs by family.
- inet—IPv4 address family.
- inet6—IPv6 address family.
fpc slot-number—Specific to SRX Series devices. Clear information about existing IKE SAs in this Flexible PIC Concentrator (FPC) slot.
index SA-index-number —(Optional) Clear the IKE SA with this index number.

kmd-instance—Specific to SRX Series devices. Clear information about existing IKE SAs in the key management process (the daemon, which in this case is KMD) identified by FPC slot-number and PIC slot-number.
- all—All KMD instances running on the Services Processing Unit (SPU).
- kmd-instance-name—Name of the KMD instance running on the SPU.

pic slot-number—Specific to SRX Series devices. Clear information about existing IKE SAs in this PIC slot.
port port-number—(Optional) Port number of SA (1 through 65,535).
sa-type shortcut—(Optional for ADVPN) Type of SA. shortcut is the only option for this release.
ha-link-encryption—(Optional) Clear information about the current IKE SAs for high availability (HA) link tunnel only. When you enable High Availability feature, you cannot delete customer tunnels on the backup node.

Required Privilege Level

clear

Output Fields

This command produces no output.

Release Information

Command introduced in Junos OS Release 8.5. The fpc, pic, and kmd-instance options added in Junos OS Release 9.3. The port option added in Junos OS Release 10.0. The family option added in Junos OS Release 11.1.

Support for the ha-link-encryption option added in Junos OS Release 20.4R1.

ON THIS PAGE