R0106-HP MSR Router Series Security Command Reference(V7)
335
address, the security protocol, and the SPI, where the remote IP address can be any valid address if the
SAs are established by IPsec profiles. To clear IPsec SAs by specifying a triplet in the inbound direction,
you should provide the SPI and use any valid values for the other two parameters.
After a manual IPsec SA is cleared, the system automatically creates a new SA based on the parameters
of the IPsec policy. After IKE negotiated SAs are cleared, the system creates new SAs only when IKE
negotiation is triggered by packets.
Examples
# Clear all IPsec SAs.
<Sysname> reset ipsec sa
# Clear the inbound and outbound IPsec SAs for the triplet of SPI 123, remote IP address 10.1.1.2, and
security protocol AH.
<Sysname> reset ipsec sa spi 10.1.1.2 ah 123
# Clear all IPsec SAs for the remote IP address 10.1.1.2.
<Sysname> reset ipsec sa remote 10.1.1.2
# Clear all IPsec SAs for the entry 10 of the IPsec policy policy1.
<Sysname> reset ipsec sa policy policy1 10
# Clear all IPsec SAs for the IPsec policy policy1.
<Sysname> reset ipsec sa policy policy1
Related commands
display ipsec sa
reset ipsec statistics
Use reset ipsec statistics to clear IPsec packet statistics.
Syntax
reset ipsec statistics[ tunnel-id tunnel-id ]
Views
User view
Predefined user roles
network-admin
Parameters
tunnel-id tunnel-id: Clears IPsec packet statistics for the specified IPsec tunnel. The value range for the
tunnel-id is 0 to 4294967295. If you do not specify this option, the command clears all IPsec packet
statistics.
Examples
# Clear IPsec packet statistics.
<Sysname> reset ipsec statistics
Related commands
display ipsec statistics