Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to clear vpn client connections

IOS - 12.2 18 SXF

crypto isakmp client configuration group keeps the count of dropped vpn connnections (those which are dropped due to internet failure on Client part and not disconnected properly)

Though this does not block the IP from pool and client is able to make another session. But thatz another addition to the count of connections.

Even if the IP Pool is for 5 IP addresses the connection counter goes up to 15-20.

I need command to clear such connections for particular Client configuration group.


#show crypto session summary

Group MYVPNGP has 15 connections

While it actually has 1 active connection and only have 3 IP in its pool.

The 'Clear' command and not the 'idle-timeout'.

Clear Sessions not helping here.

This bug could be a close match but its New and not yet fixed:

CSCse29085 - Duplicate IPSEC SA's are not deleted & SPI allocated are not freed up

Many Thanx in Advance.


Re: How to clear vpn client connections

First clear the VPN connection using crypto clear sa command and then use the show command.

New Member

Re: How to clear vpn client connections

Just before I was going to open a TAC for this case, I found the cause of issue affecting this IOS.




When a vpnclient session is disconnected ungracefully, it is possible that the user will be stuck in the local database if they are reconnecting with the same IP address but a different group name. This can lead to problems when the 'max-logins' configuration command is used, since a user is accounted for although he is no longer active.


-ungraceful vpnclient disconnect.

-'max-logins' feature is used.

- Same IP address, send initial-contact but different group


Have users in single groups, try to ensure clients disconnect properly if they are likely to be swapping groups during a session.

Further Problem Description:

The show crypto session summary command will display some users as being active, although there is actually no longer a valid crypto session for them.


CreatePlease login to create content