Each phase 2 Security Association is identified by a tunnel ID, a number with a prefix of Y. To manually refresh a phase 2 Security Association, issue the ipsec -y display command to find the tunnel ID. Then issue the ipsec -y refresh command for that ID as follows:
ipsec -y refresh -a Y2
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:04 2010
Primary: Dynamic tunnel Function: Refresh
Tunnel ID LocalDynVpnRuleName Status
Y2 ZoneC_VPN-EE1 RefreshingThe phase 2 Security Association can also be identified by the local dynamic VPN rule with which it is associated, if one exists, as follows:
ipsec -y refresh -l ZoneC_VPN-EE1
CS V1R12 ipsec Stack Name: TCPCS Tue Feb 16 11:48:04 2010
Primary: Dynamic tunnel Function: Refresh
Tunnel ID LocalDynVpnRuleName Status
Y2 ZoneC_VPN-EE1 RefreshingFor detailed information about the use of the ipsec command, see z/OS Communications Server: IP System Administrator's Commands.