Question & Answer
Question
How can I manually refresh Phase 1 and Phase 2 Security Associations?
Answer
Phase 1
Each phase 1 Security Association is identified by a tunnel ID, a number with a prefix of K. To manually refresh a phase 1 Security Association, issue the ipsec -k display command to find the tunnel ID. Then issue the ipsec -k refresh command for that ID. Here's an example:
ipsec -k refresh -a K1
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:04 2010
Primary: IKE tunnel Function: Refresh
Tunnel ID Status
K1 Refreshing
Phase 2
Each phase 2 Security Association is identified by a tunnel ID, a number with a prefix of Y. To manually refresh a phase 2 Security Association, issue the ipsec -y display command to find the tunnel ID. Then issue the ipsec -y refresh command for that ID. Here's an example:
ipsec -y refresh -a Y2
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:04 2010
Primary: Dynamic tunnel Function: Refresh
Tunnel ID LocalDynVpnRuleName Status
Y2 ZoneC_VPN-EE1 Refreshing
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
23 June 2017
UID
dwa1383306