Reset Ipsec Sa - HP FlexFabric 7900 Series Command Reference Manual

Security

Related commands
ip host (see Layer 3—IP Services Commands Reference)
local-address

reset ipsec sa

Use reset ipsec sa to clear IPsec SAs.
Syntax
reset ipsec sa [ policy policy-name [ seq-number ] | remote ipv4-address | spi ipv4-address { ah | esp } spi-num ]
Views
User view
Predefined user roles
network-admin
Parameters
policy policy-name [ seq-number ]: Clears IPsec SAs for the specified IPsec policy.
policy: Specifies an IPv4 IPsec policy.
policy-name: Specifies the name of the IPsec policy, a case-insensitive string of 1 to 63 characters.
seq-number: Specifies the sequence number of an IPsec policy entry, in the range of 1 to 65535. If
no seq-number is specified, all the entries in the IPsec policy are specified.
remote ipv4-address: Clears IPsec SAs for the specified remote address. The ipv4-address argument
specifies a remote IPv4 address.
spi ipv4-address { ah | esp } spi-num: Clears IPsec SAs matching the specified SA triplet: the remote
address, the security protocol, and the SPI.
ipv4-address: Specifies a remote IPv4 address.
ah: Specifies the AH protocol.
esp: Specifies the ESP protocol.
spi-num: Specifies the security parameter index in the range of 256 to 4294967295.
Usage guidelines
If no parameters are specified, this command clears all IPsec SAs.
If you specify an SA triplet, this command clears the IPsec SA matching the triplet and all the other IPsec
SAs that were established during the same negotiation process, including the corresponding IPsec SA in
the other direction, and the inbound and outbound IPsec SAs using the other security protocol (AH or
ESP).
An outbound SA is uniquely identified by an SA triplet and an inbound SA is uniquely identified by an
SPI. To clear IPsec SAs by specifying a triplet in the outbound direction, you should provide the remote IP
address, the security protocol, and the SPI. To clear IPsec SAs by specifying a triplet in the inbound
direction, you should provide the SPI and use any valid values for the other two parameters.
After a manual IPsec SA is cleared, the system automatically creates a new SA based on the parameters
of the IPsec policy. After IKE-negotiated SAs are cleared, the system creates new SAs only when IKE
negotiation is triggered by packets.
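
The following Python pre-flight check is an added example, not part of the HP manual: it validates a reset ipsec sa line against the syntax and ranges documented above and reports how much the command would clear before an automation script sends it. The function names and sample commands are hypothetical, and it assumes keywords are typed in full and in lowercase.

```python
import ipaddress

def classify_reset_ipsec_sa(command):
    """Validate a 'reset ipsec sa' line against the documented syntax.

    Returns a short scope description; raises ValueError on invalid input.
    """
    tokens = command.split()
    if tokens[:3] != ["reset", "ipsec", "sa"]:
        raise ValueError("not a 'reset ipsec sa' command")
    args = tokens[3:]
    if not args:
        # Documented behavior: no parameters clears every IPsec SA.
        return "ALL: clears all IPsec SAs on the device"
    keyword, rest = args[0], args[1:]
    if keyword == "policy":
        if not 1 <= len(rest) <= 2 or not 1 <= len(rest[0]) <= 63:
            raise ValueError("policy needs a name of 1 to 63 characters")
        name = rest[0].lower()  # policy names are case-insensitive
        if len(rest) == 1:
            return f"POLICY: all entries of policy '{name}'"
        seq = _int_in_range(rest[1], 1, 65535, "seq-number")
        return f"POLICY-ENTRY: policy '{name}' entry {seq}"
    if keyword == "remote":
        if len(rest) != 1:
            raise ValueError("remote needs exactly one IPv4 address")
        return f"REMOTE: SAs for peer {_ipv4(rest[0])}"
    if keyword == "spi":
        if len(rest) != 3 or rest[1] not in ("ah", "esp"):
            raise ValueError("spi needs: ipv4-address { ah | esp } spi-num")
        spi = _int_in_range(rest[2], 256, 4294967295, "spi-num")
        return f"TRIPLET: {_ipv4(rest[0])}/{rest[1]}/{spi} and SAs from the same negotiation"
    raise ValueError(f"unknown keyword: {keyword}")

def _int_in_range(text, low, high, label):
    if not text.isdigit() or not low <= int(text) <= high:
        raise ValueError(f"{label} must be in the range {low} to {high}")
    return int(text)

def _ipv4(text):
    return str(ipaddress.IPv4Address(text))  # raises ValueError if malformed

if __name__ == "__main__":
    # Constructed sample commands, not taken from the manual.
    for line in ("reset ipsec sa", "reset ipsec sa policy Branch1 10",
                 "reset ipsec sa spi 192.0.2.1 esp 255"):
        try:
            print(line, "->", classify_reset_ipsec_sa(line))
        except ValueError as err:
            print(line, "-> rejected:", err)
```

A change-control wrapper can require explicit approval whenever the returned scope starts with ALL, since that form tears down every tunnel on the device at once.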