Command Reference Guide

3Com Router 3000 Ethernet Family
Chapter 5 IPSec Configuration Commands
3Com Corporation
5.1.18 reset ipsec sa
Syntax
reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] | parameters dest-addr protocol spi ]
View
User view
Parameter
remote ip-address: Specifies remote address, in dotted decimal format.
policy: Specifies the IPSec policy.
policy-name: Specifies the name of the IPSec policy. The name is 1 to 15 characters long, is case sensitive, and can contain English letters and digits.
seq-number: Optional parameter specifying the serial number of the IPSec policy. If no seq-number is specified, the command applies to all the policies in the IPSec policy group named policy-name.
parameters: Defines a Security Association (SA) by the destination address, security protocol and SPI.
dest-address: Specifies the destination address in dotted decimal IP address format.
protocol: Specifies the security protocol with the keyword ah or esp, case insensitive. ah indicates the Authentication Header protocol and esp indicates Encapsulating Security Payload.
spi: Specifies the Security Parameter Index (SPI), ranging from 256 to 4294967295.
Description
Use the reset ipsec sa command to delete an SA that has already been set up (manually or through IKE negotiation). If no parameter (remote, policy, parameters) is specified, all SAs are deleted.
An SA is uniquely identified by the triplet of IP address, security protocol and SPI. An SA can be set up either manually or through Internet Key Exchange (IKE) negotiation.
If a manually set up SA is deleted, the system automatically sets up a new SA according to the manually configured parameters.
If a packet re-triggers IKE negotiation after an SA set up through IKE negotiation is deleted, IKE reestablishes an SA through negotiation.
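Example
The following Python sketch is an added example, not part of the 3Com guide: it checks a reset ipsec sa command line against the syntax and parameter limits above and reports which SAs it would delete, so a change script or command log can be reviewed for the form with no parameters, which deletes every SA. It assumes lower-case, unabbreviated keywords and accepts any non-negative integer as seq-number, since this section gives no range for it; the function name and sample values are hypothetical.

```python
import ipaddress
import re

POLICY_NAME = re.compile(r"[A-Za-z0-9]{1,15}")  # 1 to 15 letters or digits
NUMBER = re.compile(r"[0-9]+")
SPI_MIN, SPI_MAX = 256, 4294967295              # SPI range from the guide

# Constructed sample commands (addresses, policy name and SPI are made up).
SAMPLE = [
    "reset ipsec sa remote 10.1.1.2",
    "reset ipsec sa policy policy1 10",
    "reset ipsec sa parameters 10.1.1.2 ESP 10000",
    "reset ipsec sa",
]

def _ipv4(text):
    # Dotted decimal IPv4 only; raises ValueError for anything else.
    return str(ipaddress.IPv4Address(text))

def parse_reset_ipsec_sa(line):
    """Return a dict describing which SAs the command would delete."""
    tokens = line.split()
    if tokens[:3] != ["reset", "ipsec", "sa"]:
        raise ValueError("not a reset ipsec sa command")
    args = tokens[3:]
    if not args:
        return {"scope": "all"}  # no selector: every SA is deleted
    keyword, rest = args[0], args[1:]
    if keyword == "remote" and len(rest) == 1:
        return {"scope": "remote", "remote": _ipv4(rest[0])}
    if keyword == "policy" and len(rest) in (1, 2):
        if not POLICY_NAME.fullmatch(rest[0]):
            raise ValueError("policy-name must be 1 to 15 letters or digits")
        if len(rest) == 2 and not NUMBER.fullmatch(rest[1]):
            raise ValueError("seq-number must be a number")
        seq = int(rest[1]) if len(rest) == 2 else None  # None: whole group
        return {"scope": "policy", "policy": rest[0], "seq": seq}
    if keyword == "parameters" and len(rest) == 3:
        dest, proto, spi = rest
        if proto.lower() not in ("ah", "esp"):  # keyword is case insensitive
            raise ValueError("protocol must be ah or esp")
        if not NUMBER.fullmatch(spi) or not SPI_MIN <= int(spi) <= SPI_MAX:
            raise ValueError("spi must be 256 to 4294967295")
        return {"scope": "sa", "dest": _ipv4(dest),
                "protocol": proto.lower(), "spi": int(spi)}
    raise ValueError("unrecognised arguments: " + " ".join(args))

if __name__ == "__main__":
    for command in SAMPLE:
        print(command, "->", parse_reset_ipsec_sa(command))
```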