557
After a manual IPsec SA is cleared, the system automatically creates a new SA based on the
parameters of the IPsec policy. After IKE negotiated SAs are cleared, the system creates new SAs
only when IKE negotiation is triggered by packets.
Examples
# Clear all IPsec SAs.
<Sysname> reset ipsec sa
# Clear the inbound and outbound IPsec SAs for the triplet of SPI 256, remote IP address 10.1.1.2,
and security protocol AH.
<Sysname> reset ipsec sa spi 10.1.1.2 ah 256
# Clear all IPsec SAs for the remote IP address 10.1.1.2.
<Sysname> reset ipsec sa remote 10.1.1.2
# Clear all IPsec SAs for the entry 10 of the IPsec policy policy1.
<Sysname> reset ipsec sa policy policy1 10
# Clear all IPsec SAs for the IPsec policy policy1.
<Sysname> reset ipsec sa policy policy1
Related commands
display ipsec sa
reset ipsec statistics
Use reset ipsec statistics to clear IPsec packet statistics.
Syntax
reset ipsec statistics[ tunnel-id tunnel-id ]
Views
User view
Predefined user roles
network-admin
Parameters
tunnel-id tunnel-id: Clears IPsec packet statistics for the specified IPsec tunnel. The value range for
the tunnel-id argument is 0 to 4294967295. If you do not specify this option, the command clears all
IPsec packet statistics.
Examples
# Clear IPsec packet statistics.
<Sysname> reset ipsec statistics
Related commands
display ipsec statistics
reverse-route dynamic
Use reverse-route dynamic to enable IPsec reverse route inject (RRI).
Use undo reverse-route dynamic to disable IPsec RRI.
Syntax
reverse-route [ next-hop [ ipv6 ] ip-address ] dynamic
To Next Page
Loading...
