HP VPN Firewall Appliances VPN Command Reference
51
Usage guidelines
If you configure the id-type name or id-type user-fqdn command on the initiator, the IKE negotiation
initiator sends its security gateway name as its ID for IKE negotiation, and the peer uses the security
gateway name configured with the remote-name command to authenticate the initiator. Make sure the
local gateway name matches the remote gateway name configured on the peer.
Related commands
• id-type
• local-name
• ike local-name
Examples
# Configure the remote security gateway name as apple for IKE peer peer1.
<Sysname> system-view
[Sysname] ike peer peer1
[Sysname-ike-peer-peer1] remote-name apple
reset ike sa
Use reset ike sa to clear IKE SAs.
Syntax
reset ike sa [ connection-id | active | standby ]
Views
User view
Default command level
2: System level
Parameters
connection-id: Connection ID of the IKE SA to be cleared, in the range 1 to 2000000000.
active: Clears all active IKE SAs in an IPsec stateful failover scenario.
standby: Clears all standby ISAKMP SAs in an IPsec stateful failover scenario.
Usage guidelines
If you do not specify any parameter, the command clears all ISAKMP SAs.
When you clear a local IPsec SA, its ISAKMP SA can transmit the Delete message to notify the remote
end to delete the paired IPsec SA. If the ISAKMP SA has been cleared, the local end cannot notify the
remote end to clear the paired IPsec SA, and you must manually clear the remote IPsec SA.
When you clear the active ISAKMP SAs on the active device, the active device automatically notifies the
standby device to clear the standby ISAKMP SAs.
When you clear the standby ISAKMP SAs on the standby device, the standby device re-synchronizes the
ISAKMP SA data with the active device to set up new standby ISAKMP SAs.
If you execute the command without specifying the active or standby keyword on the active device, the
command clears all active ISAKMP SAs.