3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IPsec Configuration Commands
Description
Use the proposal command to set the proposal used by the IPsec policy.
Use the undo proposal command to cancel the proposal used by the IPsec policy.
By default, no proposal is used.
Before using this command, the corresponding IPsec proposal must have been
configured.
In manual mode, an SA can use only one proposal. If a proposal is already set,
delete it with the undo proposal command before setting a new one.
In isakmp mode, an SA can use at most six proposals. IKE negotiation searches
for a proposal that matches completely at both ends of the security tunnel.
For an IPsec template, each template can use at most six proposals, and IKE
negotiation searches for the completely matching proposal.
Related commands: ipsec proposal, ipsec policy (system view), ipsec policy
(interface view), security acl, tunnel local and tunnel remote.
Example
# Create a proposal named prop1 that uses ESP and the default algorithm, and
set an IPsec policy to use the proposal named prop1.
[SecBlade_VPN] ipsec proposal prop1
[SecBlade_VPN-ipsec-proposal-prop1] transform esp
[SecBlade_VPN-ipsec-proposal-prop1] quit
[SecBlade_VPN] ipsec policy policy1 100 manual
[SecBlade_VPN-ipsec-policy-manual-policy1-100] proposal prop1
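The rules above (a proposal must exist before a policy references it, one proposal per manual-mode policy, at most six in isakmp mode) and the policy-name rule of this guide can be checked offline against saved configuration text. The following is an added example, not part of the 3Com guide; the function name audit and the saved-configuration layout (one command per line, sub-commands indented under their view, one or more names per proposal line) are assumptions.

```python
import re

# Constructed sample configuration; the layout is an assumption, not device output.
SAMPLE_CONFIG = """\
ipsec proposal prop1
 transform esp
ipsec proposal prop2
 transform esp
ipsec policy policy1 100 manual
 proposal prop1
 proposal prop2
ipsec policy policy2 10 isakmp
 proposal prop1
 proposal prop9
"""

LIMITS = {"manual": 1, "isakmp": 6}  # per-mode proposal limits stated in the text
POLICY_RE = re.compile(r"ipsec policy (\S+) (\d+) (manual|isakmp)$")

def audit(config: str) -> list[str]:
    """Return findings for proposal references that break the documented rules."""
    defined, policies, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ipsec proposal (\S+)$", line):
            defined.add(m.group(1))
            current = None
        elif m := POLICY_RE.match(line):
            current = (m.group(1), int(m.group(2)), m.group(3))
            policies.setdefault(current, [])
        elif current and (m := re.match(r"proposal (.+)$", line)):
            policies[current].extend(m.group(1).split())
        elif raw and not raw[0].isspace():
            current = None  # another top-level command ends the policy view
    findings = []
    for (name, seq, mode), props in policies.items():
        where = f"{name} {seq} ({mode})"
        if not re.fullmatch(r"[A-Za-z0-9]{1,15}", name):
            findings.append(f"{where}: invalid policy name")
        if len(props) > LIMITS[mode]:
            findings.append(f"{where}: {len(props)} proposals, limit is {LIMITS[mode]}")
        for p in props:
            if p not in defined:
                findings.append(f"{where}: proposal {p} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```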
reset ipsec sa
Syntax
reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] |
parameters ip-address protocol spi-number ]
View
User view
Parameter
remote ip-address: Specifies the remote address, in dotted decimal format.
policy: Specifies the IPsec policy.
policy-name: Specifies the name of the IPsec policy. The name is 1 to 15
characters long, is case sensitive, and can contain English letters and
numbers.
seq-number: Optional parameter specifying the serial number of the IPsec policy. If
no seq-number is specified, the IPsec policy refers to all the policies in the IPsec
policy group named policy-name.