How can I manually refresh Phase 1 and Phase 2 Security Associations?

Question & Answer

Question

Answer

Phase 1

Each phase 1 Security Association is identified by a tunnel ID, a number with a prefix of K. To manually refresh a phase 1 Security Association, issue the ipsec -k display command to find the tunnel ID. Then issue the ipsec -k refresh command for that ID. Here's an example:

 ipsec -k refresh -a K1
 CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:04 2010
 Primary: IKE tunnel Function: Refresh
 Tunnel ID Status
 K1 Refreshing

Phase 2

Each phase 2 Security Association is identified by a tunnel ID, a number with a prefix of Y. To manually refresh a phase 2 Security Association, issue the ipsec -y display command to find the tunnel ID. Then issue the ipsec -y refresh command for that ID. Here's an example:

 ipsec -y refresh -a Y2
 CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:04 2010
 Primary: Dynamic tunnel Function: Refresh
 Tunnel ID LocalDynVpnRuleName Status
 Y2 ZoneC_VPN-EE1 Refreshing

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
23 June 2017

UID

dwa1383306

Tips

How can I manually refresh Phase 1 and Phase 2 Security Associations?

Question & Answer

Question

Answer

Product Synonym

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?