Hi Anuj, > Does by executing this command, already established Ipsec SA would be > destroyed in case revoked certificates are used in establishing the tunnel? No, the tunnel stays alive, certificates are not re-checked. The next reauthentication would fail, closing the tunnel. Regards Martin