R0106-HP MSR Router Series Security Command Reference(V7)

Related commands
ip host (see Layer 3—IP Services Commands Reference)
local-address
reset ipsec sa
Use reset ipsec sa to clear IPsec SAs.
Syntax
reset ipsec sa [ { ipv6-policy | policy } policy-name [ seq-number ] | profile profile-name | remote { ipv4-address | ipv6 ipv6-address } | spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num ]
Views
User view
Predefined user roles
network-admin
Parameters
{ ipv6-policy | policy } policy-name [ seq-number ]: Clears IPsec SAs for the specified IPsec policy.
ipv6-policy: Specifies an IPv6 IPsec policy.
policy: Specifies an IPv4 IPsec policy.
policy-name: Specifies the name of the IPsec policy, a case-insensitive string of 1 to 63 characters.
seq-number: Specifies the sequence number of an IPsec policy entry, in the range of 1 to 65535. If
you do not specify this argument, the command applies to all the entries in the IPsec policy.
profile profile-name: Clears IPsec SAs for the IPsec profile specified by its name, a case-insensitive string
of 1 to 63 characters.
remote: Clears IPsec SAs for the specified remote address.
ipv4-address: Specifies a remote IPv4 address.
ipv6 ipv6-address: Specifies a remote IPv6 address.
spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num: Clears IPsec SAs matching the specified
SA triplet: the remote address, the security protocol, and the SPI.
ipv4-address: Specifies a remote IPv4 address.
ipv6 ipv6-address: Specifies a remote IPv6 address.
ah: Specifies the AH protocol.
esp: Specifies the ESP protocol.
spi-num: Specifies the security parameter index in the range of 256 to 4294967295.
Usage guidelines
If you do not specify any parameters, this command clears all IPsec SAs.
If you specify an SA triplet, this command clears the IPsec SA matching the triplet, and all the other IPsec
SAs that were established during the same negotiation process, including the corresponding IPsec SA in
the other direction, and the inbound and outbound IPsec SAs using the other security protocol (AH or
ESP).
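The following is an added example, not HP code or part of the original reference: a Python helper that an automation script could use to build a scoped reset ipsec sa command from the syntax and parameter ranges above, and that refuses the no-parameter form (which clears all IPsec SAs) unless that is requested explicitly. The function name, its keyword arguments, the clear_all flag and the whitespace check on names are assumptions made for this example.

```python
import ipaddress

BASE = "reset ipsec sa"

def _remote(addr):
    # Syntax: bare IPv4 address, or the keyword "ipv6" followed by the address.
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return str(ip) if ip.version == 4 else f"ipv6 {ip}"

def _name(name):
    # 1 to 63 characters per the parameter list; rejecting whitespace is an
    # added assumption so the name stays a single CLI token.
    if not 1 <= len(name) <= 63 or any(c.isspace() for c in name):
        raise ValueError("name must be 1 to 63 characters, no whitespace")
    return name

def build_reset_ipsec_sa(*, policy=None, ipv6_policy=None, seq=None,
                         profile=None, remote=None, spi=None, clear_all=False):
    """Return one command string; spi is a (remote, 'ah'|'esp', spi_num) tuple."""
    chosen = [(k, v) for k, v in (("policy", policy), ("ipv6-policy", ipv6_policy),
                                  ("profile", profile), ("remote", remote),
                                  ("spi", spi)) if v is not None]
    if len(chosen) > 1:
        raise ValueError("the syntax allows a single selector")
    if not chosen:
        # With no parameters the command clears all IPsec SAs: demand intent.
        if not clear_all or seq is not None:
            raise ValueError("no selector; pass clear_all=True alone to clear all SAs")
        return BASE
    kind, value = chosen[0]
    if clear_all or (seq is not None and kind not in ("policy", "ipv6-policy")):
        raise ValueError("clear_all or seq conflicts with the chosen selector")
    if kind in ("policy", "ipv6-policy"):
        if seq is not None and not 1 <= seq <= 65535:
            raise ValueError("seq-number must be in the range 1 to 65535")
        return f"{BASE} {kind} {_name(value)}" + (f" {seq}" if seq is not None else "")
    if kind == "profile":
        return f"{BASE} profile {_name(value)}"
    if kind == "remote":
        return f"{BASE} remote {_remote(value)}"
    addr, proto, num = value
    if proto not in ("ah", "esp") or not 256 <= num <= 4294967295:
        raise ValueError("protocol must be ah or esp; SPI must be 256 to 4294967295")
    return f"{BASE} spi {_remote(addr)} {proto} {num}"
```

For example, build_reset_ipsec_sa(spi=("10.1.1.2", "ah", 256)) returns the string reset ipsec sa spi 10.1.1.2 ah 256; the address and SPI are constructed sample values.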
An outbound SA is uniquely identified by an SA triplet and an inbound SA is uniquely identified by an
SPI. To clear IPsec SAs by specifying a triplet in the outbound direction, you should provide the remote IP