Description
Related command:
Example
reset ipsec session
Syntax
policy-name: Name of the IPSec policy, a case sensitive string of 1 to 15
alphanumeric characters.
seq-number: Sequence number of the IPSec policy, in the range 1 to 10000. If no
seq-number is specified, all the policies in the IPSec policy group named
policy-name are specified.
remote ip-address: Specifies ip-address as the remote address, in dotted decimal
notation.
Use the
reset ipsec sa
or through IKE negotiation.
If no parameter is specified, all SAs will be cleared.
Note that:
Once an SA set up manually is cleared, the system will automatically set up a
■
new SA based on the parameters of the IPSec policy.
Once an SA set up through IKE negotiation is cleared, the system will set up a
■
new one through negotiation when a packet triggers an IKE negotiation.
As SAs appear in pairs, if you specify the parameters keyword to clear the SA
■
in one direction, the SA in the other direction will also be cleared.
display ipsec sa.
# Clear all SAs.
<Sysname> reset ipsec sa
# Clear the SA with the remote IP address of 10.1.1.2.
<Sysname> reset ipsec sa remote 10.1.1.2
# Clear all SAs of IPSec policy template policy1.
<Sysname> reset ipsec sa policy policy1
# Clear the SA of the IPSec policy with the name of policy1 and sequence number
of 10.
<Sysname> reset ipsec sa policy policy1 10
# Clear the SA with the remote IP address of 10.1.1.2, security protocol of AH,
and SPI of 10000.
<Sysname> reset ipsec sa parameters 10.1.1.2 ah 10000
reset ipsec session [ tunnel-id integer ]
command to clear an specified or all SAs set up manually
2143