R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

reset ike sa
Syntax
reset ike sa [ connection-id | active | standby ]
View
User view
Default level
2: System level
Parameters
connection-id: Connection ID of the IKE SA to be cleared, in the range of 1 to 2000000000.
active: Clears all active IKE SAs in an IPsec stateful failover scenario.
standby: Clears all standby IKE SAs in an IPsec stateful failover scenario.
Description
Use reset ike sa to clear IKE SAs.
If you do not specify any parameter, the command clears all IKE SAs.
When active IKE SAs on a device are cleared, the device notifies the standby device to clear the
corresponding standby IKE SAs.
When standby IKE SAs on a device are cleared, the device requests the active device to synchronize
active IKE SAs to itself.
When you clear a local IPsec SA, if the corresponding IKE SA is present, the local end sends a Delete
Message to the remote end across the IKE SA, notifying the remote end to delete the corresponding IPsec
SA. Otherwise, the local end cannot notify the remote end to clear the corresponding IPsec SA.
Related commands: display ike sa.
Examples
# Clear the IKE SA that uses connection ID 2.
<Sysname> display ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
     1             202.38.0.2      RD|ST       1       IPSEC
     2             202.38.0.2      RD|ST       2       IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
<Sysname> reset ike sa 2
<Sysname> display ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
     1             202.38.0.2      RD|ST       1       IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
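Added example (not part of the HP manual): a Python pre-check that parses display ike sa output in the layout shown above and, before reset ike sa is run, lists the phase-2 entries that would be left without a READY phase-1 IKE SA to the same peer, which is the case where the Description says no Delete Message can be sent. It assumes phase-2 rows represent negotiated IPsec SAs; parse_ike_sa and precheck_reset are hypothetical helper names.

```python
import re

# Constructed sample: the `display ike sa` output from the example above.
SAMPLE = """\
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
"""

# One SA row: connection-id, peer, flags joined by "|", phase, doi.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([A-Z|]+)\s+([12])\s+(\S+)\s*$")

def parse_ike_sa(text):
    """Return one dict per SA row; header, rule and legend lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            conn, peer, flags, phase, doi = m.groups()
            rows.append({"id": int(conn), "peer": peer,
                         "flags": set(flags.split("|")),
                         "phase": int(phase), "doi": doi})
    return rows

def precheck_reset(rows, conn_id=None):
    """IDs of phase-2 entries that would have no READY phase-1 SA to their
    peer after `reset ike sa [conn_id]`; conn_id=None clears all IKE SAs.
    Assumption: phase-2 rows correspond to IPsec SAs held with that peer."""
    if conn_id is not None and not 1 <= conn_id <= 2_000_000_000:
        raise ValueError("connection-id must be in the range 1 to 2000000000")
    targets = {r["id"] for r in rows if conn_id is None or r["id"] == conn_id}
    if conn_id is not None and not targets:
        raise ValueError(f"connection-id {conn_id} is not in the table")
    remaining = [r for r in rows if r["id"] not in targets]
    ready_p1_peers = {r["peer"] for r in remaining
                      if r["phase"] == 1 and "RD" in r["flags"]}
    return [r["id"] for r in remaining
            if r["phase"] == 2 and r["peer"] not in ready_p1_peers]
```

A non-empty result means those entries should be cleared first, while the IKE SA to the peer is still present.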
# Clear all active IKE SAs.