reset ipsec sa [ remote ipv4-address | parameters ipv4-address esp spi | efficient-vpn efficient-vpn-name ]
| Parameter | Description | Value |
|---|---|---|
| remote ipv4-address | Specifies the IPv4 address of the remote end. | The value is in dotted decimal notation. |
| parameters ipv4-address esp spi | Specifies the three elements that uniquely identify an IPSec SA. The three elements are ipv4-address (destination address), protocol (ESP), and Security Parameter Index (SPI). To reset an SA, the three elements must be specified. | The three elements are described as follows:
|
efficient-vpn efficient-vpn-name |
Specifies the name of an Efficient VPN policy. |
The value is an existing Efficient VPN policy name. |
If no parameter is specified, all IPSec SAs are deleted.
If parameters is specified, the IPSec SAs in two directions are deleted simultaneously.
To delete IPSec SAs established through IKE negotiation, you must run the reset ipsec sa and reset ike sa commands in sequence. Otherwise, IPSec SAs established through IKE negotiation fail to be deleted. After the IPSec SAs are deleted, IKE peers re-negotiate IPSec SAs only when packets trigger IKE negotiation.