R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
Examples
# Enable packet information pre-extraction.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] qos pre-classify
reset ipsec sa
Syntax
reset ipsec sa [ active | parameters dest-address protocol spi | policy policy-name [ seq-number ] | remote ip-address | standby ]
View
User view
Default level
2: System level
Parameters
active: Specifies all active IPsec SAs in an IPsec stateful failover scenario.
parameters dest-address protocol spi: Specifies IPsec SAs that use the specified destination address,
security protocol, and SPI.
dest-address: Destination address, in dotted decimal notation.
protocol: Security protocol, which can be keyword ah or esp, case insensitive.
spi: Security parameter index, in the range of 256 to 4294967295.
policy: Specifies IPsec SAs that use an IPsec policy or IPsec profile.
policy-name: Name of the IPsec policy or IPsec profile, a case-sensitive string of 1 to 15 alphanumeric
characters.
seq-number: Sequence number of the IPsec policy, in the range of 1 to 65535. If no seq-number is
specified, all the policies in the IPsec policy group named policy-name are specified.
remote ip-address: Specifies SAs to or from a remote address, in dotted decimal notation.
standby: Specifies all standby IPsec SAs in an IPsec stateful failover scenario.
Description
Use reset ipsec sa to clear IPsec SAs.
Immediately after a manually set up SA is cleared, the system automatically sets up a new SA based on
the parameters of the IPsec policy. After IKE negotiated SAs are cleared, the system sets up new SAs only
when IKE negotiation is triggered by interesting packets.
IPsec SAs appear in pairs. If you specify the parameters keyword to clear an IPsec SA, the IPsec SA in the
other direction is also automatically cleared.
If you do not specify any parameter, the command clears all IPsec SAs.
If you specify neither active nor standby, the command clears both active and standby IPsec SAs.
When active IPsec SAs on a device are cleared, the device notifies the standby device to clear the
corresponding standby IPsec SAs.
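Because the command without any parameter clears all IPsec SAs, a script that pushes it to devices benefits from validating its arguments first. The following Python sketch is an added example, not part of the HP manual: build_reset_ipsec_sa and allow_clear_all are hypothetical names, and the value ranges are the ones listed under Parameters above.

```python
import ipaddress
import re

POLICY_NAME = re.compile(r"[A-Za-z0-9]{1,15}")  # 1 to 15 alphanumeric characters


def _ipv4(addr):
    # Dotted decimal notation only; anything else raises ValueError.
    return str(ipaddress.IPv4Address(str(addr)))


def _ranged(name, value, low, high):
    value = int(value)
    if not low <= value <= high:
        raise ValueError(f"{name} {value} outside {low}-{high}")
    return value


def build_reset_ipsec_sa(*, active=False, standby=False, parameters=None,
                         policy=None, seq_number=None, remote=None,
                         allow_clear_all=False):
    """Return a validated 'reset ipsec sa' command line (hypothetical helper)."""
    given = {"active": active, "standby": standby, "parameters": parameters,
             "policy": policy, "remote": remote}
    chosen = [n for n, v in given.items() if v not in (None, False)]
    if len(chosen) > 1:
        raise ValueError(f"selectors are mutually exclusive: {chosen}")
    if seq_number is not None and policy is None:
        raise ValueError("seq-number requires policy policy-name")
    if not chosen:
        # The bare command clears every IPsec SA, active and standby.
        if not allow_clear_all:
            raise ValueError("no selector given: this would clear all IPsec SAs")
        return "reset ipsec sa"
    kind = chosen[0]
    if kind in ("active", "standby"):
        return f"reset ipsec sa {kind}"
    if kind == "remote":
        return f"reset ipsec sa remote {_ipv4(remote)}"
    if kind == "policy":
        if not POLICY_NAME.fullmatch(policy):
            raise ValueError("policy-name must be 1 to 15 alphanumeric characters")
        seq = "" if seq_number is None else f" {_ranged('seq-number', seq_number, 1, 65535)}"
        return f"reset ipsec sa policy {policy}{seq}"
    dest, protocol, spi = parameters  # clearing one SA also clears its pair
    if protocol.lower() not in ("ah", "esp"):
        raise ValueError("protocol must be ah or esp")
    spi = _ranged("spi", spi, 256, 4294967295)
    return f"reset ipsec sa parameters {_ipv4(dest)} {protocol.lower()} {spi}"
```

The addresses and SPI passed to the helper are supplied by the caller; the helper only builds the command string and does not connect to a device.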