3com MSR 20-20 참조 매뉴얼
2171
View
User view
Parameter
connection-id: Connection ID of the IPSec tunnel to be cleared, in the range 1 to
2000000000.
2000000000.
Description
Use the reset ike sa command to clear the IPSec tunnel set up by IKE.
Note that:
■
If connection-id is not specified, all the SAs set up in phase 1 will be cleared.
■
When clearing the local IPSec tunnel, if there is an ISAKMP SA of phase 1, a
Delete Message will be sent to the remote end under the protection of this
IPSec tunnel to notify the remote end of deleting the corresponding SA.
Delete Message will be sent to the remote end under the protection of this
IPSec tunnel to notify the remote end of deleting the corresponding SA.
■
If ISAKMP SAs of phase 1 are cleared first, the remote end cannot be notified
to clear the corresponding SAs when you clear the SAs of phase 2.
to clear the corresponding SAs when you clear the SAs of phase 2.
Related command:
Example
# Clear the IPSec tunnel to 202.38.0.2.
<Sysname> display ike sa
conn-id
remote
flag
phase
doi
1
202.38.0.2
RD|ST
1
IPSEC
2
202.38.0.2
RD|ST
2
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO--TIMEOUT
<Sysname> reset ike sa 2
<Sysname> display ike sa
conn-id
remote
flag
phase
doi
1
202.38.0.2
RD|ST
1
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO-TIMEOUT
sa duration
Syntax
sa duration seconds
undo sa duration
View
IKE proposal view
Parameter
Seconds: Specifies the ISAKMP SA lifetime in seconds, in the range 60 to 604800.
Description
Use the sa duration command to specify the ISAKMP SA lifetime for an IKE
proposal.
proposal.
Use the undo sa duration command to restore the default.
By default, the ISAKMP SA lifetime is 86,400 seconds.