F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100
94
Usage guidelines
With the packet information pre-extraction feature enabled, QoS classifies a packet based on the header
of the original IP packet—the header of the IP packet that has not been encapsulated by IPsec.
Examples
# Enable packet information pre-extraction.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] qos pre-classify
Related commands
• ipsec policy (system view)
• ipsec policy-template
reset ipsec sa
Use reset ipsec sa to clear IPsec SAs.
Syntax
reset ipsec sa [ active | parameters dest-address protocol spi | policy policy-name [ seq-number ] |
remote ip-address | standby ]
Views
User view
Default command level
2: System level
Parameters
active: Specifies all active IPsec SAs in an IPsec stateful failover scenario.
parameters: Specifies IPsec SAs that use the specified destination address, security protocol, and SPI.
dest-address: Destination address, in dotted decimal notation.
protocol: Security protocol, which can be keyword ah or esp, case insensitive.
spi: Security parameter index, in the range 256 to 4294967295.
policy: Specifies IPsec SAs that use an IPsec policy or IPsec profile.
policy-name: Name of the IPsec policy or IPsec profile, a case-sensitive string of 1 to 15 alphanumeric
characters.
seq-number: Sequence number of the IPsec policy, in the range 1 to 65535. If no seq-number is specified,
all the policies in the IPsec policy group named policy-name are specified.
remote: Specifies SAs to or from a remote address, in dotted decimal notation.
ip-address: Remote address.
standby: Specifies all standby IPsec SAs in an IPsec stateful failover scenario.
The following matrix shows the keywords active, and standby and firewalls and UTM compatibility:
Hardware Ke
y
words com
p
atible
F1000-A-EI/F1000-S-EI Yes