Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-29
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound esp 1001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex inbound esp
1234567890abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound esp 2001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex outbound esp
abcdefabcdef1234
5.1.23 sa spi
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
View
Manually-established IPSec policy view
Parameter
inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA for
processing the packet in the inbound direction (received).
outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA for
processing the packet in the outbound direction (sent).
ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by the
ipsec policy adopts AH, the ah key word is used here to set the spi relevant parameter
of the SA.
esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by the
ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.
spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging 256 to 4294967295. The triplet identification of the SA, which appears as SPI,
destination address, and protocol number, must be unique.
Description
Use the sa spi command to set the SA SPI manually for the ipsec policy of manual
mode.
Use the undo sa spi command to delete the SA SPI already set.
This command is only used for the ipsec policy in manual mode. It is used to set the SA
parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.