[x]

IKEv2 commands > reset ikev2 sa

 

 Next

reset ikev2 sa

Use reset ikev2 sa to delete IKEv2 SAs.

Syntax

reset ikev2 sa [ [ { local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] | tunnel tunnel-id ] [ fast ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

local: Deletes IKEv2 SAs for a local IP address.

remote: Deletes IKEv2 SAs for a remote IP address.

ipv4-address: Specifies a local or remote IPv4 address.

ipv6 ipv6-address: Specifies a local or remote IPv6 address.

vpn-instance vpn-instance-name: Deletes IKEv2 SAs in an MPLS L3VPN instance. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command deletes IKEv2 SAs for the public network.

tunnel tunnel-id: Deletes IKEv2 SAs for an IPsec tunnel. The tunnel-id argument specifies an IPsec tunnel by its ID in the range of 1 to 2000000000.

fast: Notifies the peers of the deletion and deletes IKEv2 SAs directly before receiving the peers' responses. If you do not specify this keyword, the device notifies the peers of the deletion and deletes IKEv2 SAs after it receives the peers' responses.

Usage guidelines

Deleting an IKEv2 SA will also delete the child SAs negotiated through the IKEv2 SA.

If you do not specify any parameters, this command deletes all IKEv2 SAs and the child SAs negotiated through the IKEv2 SAs.

Examples

# Display information about IKEv2 SAs.

<Sysname> display ikev2 sa
     Tunnel ID          Local             Remote             Status
  --------------------------------------------------------------------
     1                  1.1.1.1/500       1.1.1.2/500        EST
     2                  2.2.2.1/500       2.2.2.2/500        EST
  Status:
  IN-NEGO: Negotiating, EST: Established, DEL: Deleting

# Delete the IKEv2 SA whose remote IP address is 1.1.1.2.

<Sysname> reset ikev2 sa remote 1.1.1.2

# Display information about IKEv2 SAs again. Verify that the IKEv2 SA is deleted.

<Sysname> display ikev2 sa
     Tunnel ID          Local             Remote             Status
  --------------------------------------------------------------------
     2                  2.2.2.1/500       2.2.2.2/500        EST
  Status:
  IN-NEGO: Negotiating, EST: Established, DEL: Deleting

Related commands

display ikev2 sa

prev

 

up

 next

proposal 

home

 reset ikev2 statistics

© Copyright 2018 Hewlett Packard Enterprise Development LP