Filter
Top Products
2171
View User view
Parameter connection-id: Connection ID of the IPSec tunnel to be cleared, in the range 1 to
2000000000.
Description Use the
reset ike sa command to clear the IPSec tunnel set up by IKE.
Note that:
■ If connection-id is not specified, all the SAs set up in phase 1 will be cleared.
■ When clearing the local IPSec tunnel, if there is an ISAKMP SA of phase 1, a
Delete Message will be sent to the remote end under the protection of this
IPSec tunnel to notify the remote end of deleting the corresponding SA.
■ If ISAKMP SAs of phase 1 are cleared first, the remote end cannot be notified
to clear the corresponding SAs when you clear the SAs of phase 2.
Related command: display ike sa.
Example # Clear the IPSec tunnel to 202.38.0.2.
<Sysname> display ike sa
conn-id remote flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO--TIMEOUT
<Sysname> reset ike sa 2
<Sysname> display ike sa
conn-id remote flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD-FADING TO-TIMEOUT
sa duration
Syntax sa duration seconds
undo sa duration
View IKE proposal view
Parameter Seconds: Specifies the ISAKMP SA lifetime in seconds, in the range 60 to 604800.
Description Use the
sa duration command to specify the ISAKMP SA lifetime for an IKE
proposal.
Use the
undo sa duration command to restore the default.
By default, the ISAKMP SA lifetime is 86,400 seconds.