No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
reset ipsec sa

reset ipsec sa

Function

The reset ipsec sa command deletes an SA that is established.

Format

reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] | parameters ip-address { ah | esp } spi | efficient-vpn efficient-vpn-name | profile profile-name ]

Parameters

Parameter

Description

Value

remote ip-address

Specifies the IP address of the remote IKE peer.

The value is in dotted decimal notation.

policy policy-name seq-number

Specifies the name and the sequence number of an IPSec policy. The sequence number is optional. If the sequence number is not specified, it indicates all IPSec policies in the IPSec policy group with the specified name.

NOTE:

The AR510 series do not support this parameter.

The value is an existing IPSec policy name and sequence number.

parameters

Configures the destination address, security protocol, and SPI of an SA.

-

ip-address

Specifies the IP address of an SA.

The value is in dotted decimal notation.

ah

Specifies AH protocol as the security protocol.

-

esp

Specifies ESP protocol as the security protocol.

-

spi

Specifies the SPI of an SA.

The value is an integer that ranges from 256 to 4294967295.

efficient-vpn efficient-vpn-name

Specifies the name of an Efficient VPN policy.

The value is an existing Efficient VPN policy name.

profile profile-name

Specifies the name of an IPSec profile.

The value is an existing IPSec profile name.

Views

User view

Default Level

3: Management level

Usage Guidelines

If no parameter is specified in the reset ipsec sa command, all SAs are deleted.

If profile is not specified, the reset ipsec sa command deletes SAs established using IPSec profiles.

If parameters is specified, the reset ipsec sa command deletes the SAs in both directions.

After a manually created SA is deleted, the system creates an SA according to the IPSec policy in manual SA creation mode. After an SA established through IKE negotiation is deleted, the system negotiates a new SA if IKE negotiation is triggered by packets.

When the number of IPSec tunnels is larger than 50% of the maximum limit, high CPU usage alarms may be generated in a short period of time after the command is run. After all the SAs are cleared, the CPU usage restores to the normal range.

Example

# Delete all SAs.

<Huawei> reset ipsec sa

# Delete the SA whose peer IP address is 10.1.1.2.

<Huawei> reset ipsec sa remote 10.1.1.2

# Delete all SAs created through the IPSec policy group policy1.

<Huawei> reset ipsec sa policy policy1

# Delete the SAs created through the IPSec policy policy1 whose sequence number is 10.

<Huawei> reset ipsec sa policy policy1 10

# Delete the SA whose peer IP address is 10.1.1.2, security protocol is AH, and SPI is 10000.

<Huawei> reset ipsec sa parameters 10.1.1.2 ah 10000
# Delete the SA established using the IPSec profile profile1.
<Huawei>reset ipsec sa profile profile1

# Delete the SA established using the Efficient VPN policy policy1.

<Huawei> reset ipsec sa efficient-vpn policy1
Related Topics
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 88836

Downloads: 121

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next