HP MSR2000/3000/4000 Router Series Security Command Reference
236
the remote-address command. Otherwise, the local end cannot obtain the latest IP address of the
remote host.
For example, the local end has a static domain name resolution entry, which maps the host name test to
the IP address 1.1.1.1. Configure the following commands:
# Configure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.
[Sysname] ipsec policy policy1 1 isakmp
[Sysname-ipsec-policy-isakmp-policy1-1] remote-address test
# Change the IP address for the host test to 2.2.2.2.
[Sysname] ip host test 2.2.2.2
In this case, you must reconfigure the remote host name for the IPsec policy policy1 so that the local end
can obtain the latest IP address of the remote host.
# Reconfigure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.
[Sysname] ipsec policy policy1 1 isakmp
[Sysname -ipsec-policy-isakmp-policy1-1] remote-address test
Examples
# Specify the remote IP address 10.1.1.2 for the IPsec tunnel.
<Sysname> system-view
[Sysname] ipsec policy policy1 10 manual
[Sysname-ipsec-policy-policy1-10] remote-address 10.1.1.2
Related commands
• ip host (see Layer 3—IP Services Commands Reference)
• local-address
reset ipsec sa
Use reset ipsec sa to clear IPsec SAs.
Syntax
reset ipsec sa [ { ipv6-policy | policy } policy-name [ seq-number ] | profile policy-name | remote
{ ipv4-address | ipv6 ipv6-address } | spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num ]
Views
User view
Predefined user roles
network-admin
Parameters
{ ipv6-policy | policy } policy-name [ seq-number ]: Clears IPsec SAs for the specified IPsec policy.
• ipv6-policy: Specifies an IPv6 IPsec policy.
• policy: Specifies an IPv4 IPsec policy.
• policy-name: Specifies the name of the IPsec policy, a case-sensitive string of 1 to 63 characters.
• seq-number: Specifies the sequence number of an IPsec policy entry, in the range of 1 to 65535. If
no seq-number is specified, all the entries in the IPsec policy are specified.