Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 3000 Router Series
1201120212031204120512061207120812091210
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 6 IKE Configuration Commands
3Com Corporation
6-22
If connection-id is not specified, all the SAs at phase 1 will be deleted. If ISAKMP SA at
phase 1 exists when deleting the local security tunnel, a Delete Message notification
will be sent to the remote under the protection of this security tunnel to notify the remote
to delete the corresponding SA.
IKE uses ISAKMP of two phases: phase 1 or ISAKMP SA to establish SA, phase 2 or
IPSec SA to negotiate and establish IPSec SA, using the former established SA.
Related command: display ike sa.
Example
# Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa
conn-id remote flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING
<3Com> reset ike sa 2
<3Com> display ike sa
conn-id remote flag phase doi
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD—FADING TO—TIMEOUT
Caution:
If the SA of phase 1 is deleted first, the remote end cannot be informed of clearing the
SA database when deleting the SA of phase 2.
6.1.27 sa duration
Syntax
sa duration seconds
undo sa duration
View
IKE proposal view