3com MSR 20-20 참조 매뉴얼
2143
policy-name: Name of the IPSec policy, a case sensitive string of 1 to 15
alphanumeric characters.
alphanumeric characters.
seq-number: Sequence number of the IPSec policy, in the range 1 to 10000. If no
seq-number is specified, all the policies in the IPSec policy group named
policy-name are specified.
seq-number is specified, all the policies in the IPSec policy group named
policy-name are specified.
remote ip-address: Specifies ip-address as the remote address, in dotted decimal
notation.
notation.
Description
Use the reset ipsec sa command to clear an specified or all SAs set up manually
or through IKE negotiation.
or through IKE negotiation.
If no parameter is specified, all SAs will be cleared.
Note that:
■
Once an SA set up manually is cleared, the system will automatically set up a
new SA based on the parameters of the IPSec policy.
new SA based on the parameters of the IPSec policy.
■
Once an SA set up through IKE negotiation is cleared, the system will set up a
new one through negotiation when a packet triggers an IKE negotiation.
new one through negotiation when a packet triggers an IKE negotiation.
■
As SAs appear in pairs, if you specify the parameters keyword to clear the SA
in one direction, the SA in the other direction will also be cleared.
in one direction, the SA in the other direction will also be cleared.
Related command:
Example
# Clear all SAs.
<Sysname> reset ipsec sa
# Clear the SA with the remote IP address of 10.1.1.2.
<Sysname> reset ipsec sa remote 10.1.1.2
# Clear all SAs of IPSec policy template policy1.
<Sysname> reset ipsec sa policy policy1
# Clear the SA of the IPSec policy with the name of policy1 and sequence number
of 10.
of 10.
<Sysname> reset ipsec sa policy policy1 10
# Clear the SA with the remote IP address of 10.1.1.2, security protocol of AH,
and SPI of 10000.
and SPI of 10000.
<Sysname> reset ipsec sa parameters 10.1.1.2 ah 10000
reset ipsec session
Syntax
reset ipsec session [ tunnel-id integer ]