R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101
61
Description
Use the reset ipsec sa command to clear IPsec SAs.
Immediately after a manually set up SA is cleared, the system automatically sets up a new SA based on
the parameters of the IPsec policy. After IKE negotiated SAs are cleared, the system sets up new SAs only
when IKE negotiation is triggered by interesting packets.
IPsec SAs appear in pairs. If you specify the parameters keyword to clear an IPsec SA, the IPsec SA in the
other direction is also automatically cleared.
If you do not specify any parameter, the command clears all IPsec SAs.
Related commands: display ipsec sa.
Examples
# Clear all IPsec SAs.
<Sysname> reset ipsec sa
# Clear the IPsec SA with a remote IP address of 10.1.1.2.
<Sysname> reset ipsec sa remote 10.1.1.2
# Clear all IPsec SAs of IPsec policy template policy1.
<Sysname> reset ipsec sa policy policy1
# Clear the IPsec SA of the IPsec policy with the name of policy1 and sequence number of 10.
<Sysname> reset ipsec sa policy policy1 10
# Clear the IPsec SA with a remote IP address of 10.1.1.2, security protocol of AH, and SPI of 10000.
<Sysname> reset ipsec sa parameters 10.1.1.2 ah 10000
# Clear all IPsec SAs of IPsec profile policy1.
<Sysname> reset ipsec sa policy policy1
reset ipsec statistics
Syntax
reset ipsec statistics
View
User view
Default level
2: System level
Parameters
None
Description
Use the reset ipsec statistics command to clear IPsec packet statistics.
Related commands: display ipsec statistics.
Examples
# Clear IPsec packet statistics.
<Sysname> reset ipsec statistics