Table of Contents
Advertisement
Views
User view
Predefined user roles
network-admin
Parameters
{ ipv6-policy | policy } policy-name [ seq-number ]
specified IPsec policy.
•
ipv6-policy
•
policy
•
policy-name
characters.
•
seq-number
65535. If you do not specify this argument, all the entries in the IPsec policy are specified.
profile profile-name
case-insensitive string of 1 to 63 characters.
: Clears IPsec SAs for the specified remote address.
remote
ipv4-address
ipv6 ipv6-address
spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num
matching the specified SA triplet: the remote address, the security protocol, and the SPI.
•
ipv4-address
•
ipv6 ipv6-address
•
: Specifies the AH protocol.
ah
•
: Specifies the ESP protocol.
esp
: Specifies the security parameter index in the range of 256 to 4294967295.
spi-num
Usage guidelines
If you do not specify any parameters, this command clears all IPsec SAs.
If you specify an SA triplet, this command clears the IPsec SA matching the triplet, and all the other
IPsec SAs that were established during the same negotiation process, including the corresponding
IPsec SA in the other direction, and the inbound and outbound IPsec SAs using the other security
protocol (AH or ESP).
An outbound SA is uniquely identified by an SA triplet and an inbound SA is uniquely identified by an
SPI. To clear IPsec SAs by specifying a triplet in the outbound direction, you should provide the
remote IP address, the security protocol, and the SPI, where the remote IP address can be any valid
address if the SAs are established by IPsec profiles. To clear IPsec SAs by specifying a triplet in the
inbound direction, you should provide the SPI and use any valid values for the other two parameters.
After a manual IPsec SA is cleared, the system automatically creates a new SA based on the
parameters of the IPsec policy. After IKE negotiated SAs are cleared, the system creates new SAs
only when IKE negotiation is triggered by packets.
Examples
# Clear all IPsec SAs.
<Sysname> reset ipsec sa
# Clear the inbound and outbound IPsec SAs for the triplet of SPI 256, remote IP address 10.1.1.2,
and security protocol AH.
: Specifies an IPv6 IPsec policy.
: Specifies an IPv4 IPsec policy.
: Specifies the name of the IPsec policy, a case-insensitive string of 1 to 63
: Specifies the sequence number of an IPsec policy entry, in the range of 1 to
: Clears IPsec SAs for the IPsec profile specified by its name, a
: Specifies a remote IPv4 address.
: Specifies a remote IPv6 address.
: Specifies a remote IPv4 address.
: Specifies a remote IPv6 address.
50
: Clears IPsec SAs for the
: Clears IPsec SAs
Advertisement
Chapters
Table of Contents
