Manualshelf

HP VPN Firewall Appliances VPN Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
52
Examples
# Clear the IKE SA that uses connection ID 2.
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO--TIMEOUT
<Sysname> reset ike sa 2
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT
# Clear all active IKE SAs.
<Sysname> display ike sa
total phase-1 SAs: 2
connection-id peer flag phase doi status
----------------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC ACTIVE
1 201.31.0.9 RD|ST 1 IPSEC STANDBY
2 202.38.0.2 RD|ST 2 IPSEC ACTIVE
2 201.31.0.9 RD|ST 2 IPSEC STANDBY
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO--TIMEOUT
<Sysname> reset ike sa active
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi status
----------------------------------------------------------------
1 201.31.0.9 RD|ST 1 IPSEC STANDBY
2 201.31.0.9 RD|ST 2 IPSEC STANDBY
Related commands
display ike sa
sa duration
Use sa duration to set the ISAKMP SA lifetime for an IKE proposal.
Use undo sa duration to restore the default.
Syntax
sa duration seconds