R3303-HP HSR6800 Routers Security Command Reference
300
Usage guidelines
With the packet information pre-extraction feature enabled, QoS classifies a packet based on the header
of the original IP packet—the header of the IP packet that has not been encapsulated by IPsec.
Examples
# Enable packet information pre-extraction.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] qos pre-classify
Related commands
• ipsec policy (system view)
• ipsec policy-template
reset ipsec sa
Use reset ipsec sa to clear IPsec SAs.
Syntax
reset ipsec sa [ parameters [ ipv6 ] dest-address protocol spi | policy policy-name [ seq-number ] |
remote [ ipv6 ] ip-address ]
Views
User view
Default command level
2: System level
Parameters
parameters: Specifies IPsec SAs that use the specified destination address, security protocol, and SPI.
ipv6: Specifies an IPv6 address.
dest-address: Specifies the destination address, in dotted decimal notation.
protocol: Specifies the security protocol, which can be keyword ah or esp, case insensitive.
spi: Specifies the security parameter index in the range of 256 to 4294967295.
policy: Specifies IPsec SAs that use an IPsec policy or IPsec profile.
policy-name: Specifies the name of the IPsec policy or IPsec profile, a case-sensitive string of 1 to 15
alphanumeric characters.
seq-number: Specifies the sequence number of the IPsec policy, in the range of 1 to 65535. If no
seq-number is specified, all the policies in the IPsec policy group named policy-name are specified.
remote: Specifies SAs to or from a remote address, in dotted decimal notation.
ip-address: Specifies the remote IP address.
Usage guidelines
Immediately after a manually set up SA is cleared, the system automatically sets up a new SA based on
the parameters of the IPsec policy. After IKE negotiated SAs are cleared, the system sets up new SAs only
when IKE negotiation is triggered by interesting packets.