Command Reference Guide

3Com Router 5000 Family and Router 6000 Family
Command Reference
reset ike sa
Purpose Use the reset ike sa command to delete the security tunnel set up by IKE.
Syntax reset ike sa [ connection-id ]
Parameters connection-id
Specifies the SA to be deleted. If this parameter is not
specified, all the SAs at phase 1 will be deleted.
Example Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa
conn-id remote flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING
<3Com> reset ike sa 2
<3Com> display ike sa
conn-id remote flag phase doi
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING TO--TIMEOUT
CAUTION:
If the phase 1 SA is deleted first, the remote end cannot be informed to clear
its SA database when the phase 2 SA is deleted.
View This command can be used in the following views:
User view
Description If connection-id is not specified, all the SAs at phase 1 will be deleted. If an ISAKMP SA at
phase 1 exists when the local security tunnel is deleted, a Delete Message notification
is sent to the remote end under the protection of this security tunnel to notify the
remote end to delete the corresponding SA.
IKE uses ISAKMP in two phases: phase 1 establishes the ISAKMP SA, and phase 2
negotiates and establishes the IPSec SA, using the SA established in phase 1.
Related Command display ike sa
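
Added example (not part of the 3Com reference): a Python helper that parses display ike sa output and orders the reset ike sa commands so that phase 2 SAs to a peer are cleared before its phase 1 SA, as the CAUTION above requires. The function names and the embedded sample are constructed for illustration, and the column layout is assumed to match the output shown in the Example.

```python
import re

# Constructed sample, modelled on the `display ike sa` output in the Example.
SAMPLE = """\
conn-id remote flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING
"""

# Flag abbreviations as listed in the "flag meaning" legend.
FLAGS = {"RD": "READY", "ST": "STAYALIVE", "RT": "REPLACED",
         "FD": "FADING", "TO": "TIMEOUT"}

# conn-id, remote IPv4 address, flag list, phase (1 or 2), doi
ROW = re.compile(
    r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([12])\s+(\S+)\s*$")

def parse_ike_sa(text):
    """Return one dict per SA row; header and legend lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        conn_id, remote, flags, phase, doi = m.groups()
        sas.append({
            "conn_id": int(conn_id),
            "remote": remote,
            "flags": [FLAGS.get(f, f) for f in flags.split("|")],
            "phase": int(phase),
            "doi": doi,
        })
    return sas

def teardown_plan(text, remote):
    """Commands that clear every SA to `remote`, phase 2 before phase 1.

    Phase 2 goes first so the phase 1 (ISAKMP) SA still exists to
    protect the Delete notification sent to the peer.
    """
    sas = [sa for sa in parse_ike_sa(text) if sa["remote"] == remote]
    sas.sort(key=lambda sa: (-sa["phase"], sa["conn_id"]))
    return [f"reset ike sa {sa['conn_id']}" for sa in sas]

if __name__ == "__main__":
    for cmd in teardown_plan(SAMPLE, "202.38.0.2"):
        print(cmd)
```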