Command 'reset vpn ipsec-profile' doesn't work
Example:
Configuration DMVPN
HUB:
set interfaces ethernet eth0 address '192.168.139.100/24'
set interfaces ethernet eth1 address '10.100.100.1/24'
set interfaces tunnel tun100 address '10.0.0.1/24'
set interfaces tunnel tun100 enable-multicast
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 parameters ip key '1'
set interfaces tunnel tun100 source-address '192.168.139.100'
set protocols bgp address-family ipv4-unicast network 10.100.100.0/24
set protocols bgp neighbor 10.0.0.11 address-family ipv4-unicast route-reflector-client
set protocols bgp neighbor 10.0.0.11 remote-as '65000'
set protocols bgp neighbor 10.0.0.12 address-family ipv4-unicast route-reflector-client
set protocols bgp neighbor 10.0.0.12 remote-as '65000'
set protocols bgp system-as '65000'
set protocols nhrp tunnel tun100 cisco-authentication 'secret'
set protocols nhrp tunnel tun100 holding-time '30'
set protocols nhrp tunnel tun100 multicast 'dynamic'
set protocols nhrp tunnel tun100 redirect
set protocols nhrp tunnel tun100 shortcut
set protocols static route 0.0.0.0/0 next-hop 192.168.139.2
set vpn ipsec esp-group ESP-HUB lifetime '1800'
set vpn ipsec esp-group ESP-HUB mode 'transport'
set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-HUB close-action 'none'
set vpn ipsec ike-group IKE-HUB dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE-HUB dead-peer-detection interval '3'
set vpn ipsec ike-group IKE-HUB dead-peer-detection timeout '30'
set vpn ipsec ike-group IKE-HUB key-exchange 'ikev2'
set vpn ipsec ike-group IKE-HUB lifetime '3600'
set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha1'
set vpn ipsec interface 'eth0'
set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'secret'
set vpn ipsec profile NHRPVPN bind tunnel 'tun100'
set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB'
set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB'
Interface    Type     Protocol-Address    Alias-Address    Flags    NBMA-Address     Expires-In
-----------  -------  ------------------  ---------------  -------  ---------------  ------------
tun100       local    10.0.0.255/32       10.0.0.1         up
tun100       local    10.0.0.1/32                          up
tun100       dynamic  10.0.0.12/32                         up       192.168.139.102  0:25
tun100       dynamic  10.0.0.11/32                         up       192.168.139.101  0:22
[email protected]:~$ show vpn ipsec sa
Connection    State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID        Proposal
------------  -------  --------  --------------  ----------------  ----------------  ---------------  ------------------------
dmvpn         up       18m30s    21K/23K         189/207           192.168.139.101   192.168.139.101  AES_CBC_256/HMAC_SHA1_96
dmvpn         up       19m5s     19K/24K         202/193           192.168.139.102   192.168.139.102  AES_CBC_256/HMAC_SHA1_96
Trying to reset:
[email protected]:~$ reset vpn ipsec-profile NHRPVPN
Profile not found, aborting
[email protected]:~$ reset vpn ipsec-profile NHRPVPN tunnel
Possible completions:
  <text>  Reset a specific tunnel for given DMVPN profile
[email protected]:~$ reset vpn ipsec-profile NHRPVPN tunnel tunn100
Profile not found, aborting
[email protected]:~$ show vpn ipsec sa
Connection    State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID        Proposal
------------  -------  --------  --------------  ----------------  ----------------  ---------------  ------------------------
dmvpn         up       19m29s    22K/24K         198/217           192.168.139.101   192.168.139.101  AES_CBC_256/HMAC_SHA1_96
dmvpn         up       20m4s     20K/25K         212/203           192.168.139.102   192.168.139.102  AES_CBC_256/HMAC_SHA1_96