Filter
Top Products
2143
policy-name: Name of the IPSec policy, a case sensitive string of 1 to 15
alphanumeric characters.
seq-number: Sequence number of the IPSec policy, in the range 1 to 10000. If no
seq-number is specified, all the policies in the IPSec policy group named
policy-name are specified.
remote ip-address: Specifies ip-address as the remote address, in dotted decimal
notation.
Description Use the
reset ipsec sa command to clear an specified or all SAs set up manually
or through IKE negotiation.
If no parameter is specified, all SAs will be cleared.
Note that:
■ Once an SA set up manually is cleared, the system will automatically set up a
new SA based on the parameters of the IPSec policy.
■ Once an SA set up through IKE negotiation is cleared, the system will set up a
new one through negotiation when a packet triggers an IKE negotiation.
■ As SAs appear in pairs, if you specify the parameters keyword to clear the SA
in one direction, the SA in the other direction will also be cleared.
Related command: display ipsec sa.
Example # Clear all SAs.
<Sysname> reset ipsec sa
# Clear the SA with the remote IP address of 10.1.1.2.
<Sysname> reset ipsec sa remote 10.1.1.2
# Clear all SAs of IPSec policy template policy1.
<Sysname> reset ipsec sa policy policy1
# Clear the SA of the IPSec policy with the name of policy1 and sequence number
of 10.
<Sysname> reset ipsec sa policy policy1 10
# Clear the SA with the remote IP address of 10.1.1.2, security protocol of AH,
and SPI of 10000.
<Sysname> reset ipsec sa parameters 10.1.1.2 ah 10000
reset ipsec session
Syntax reset ipsec session [ tunnel-id integer ]