3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

386 CHAPTER 22: IPSEC CONFIGURATION COMMANDS
parameters: Defines a Security Association (SA) by the destination address,
security protocol and SPI.
ip-address: Specifies the destination address in the dotted decimal IP address
format.
protocol: Specifies the security protocol by inputting the keyword ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.
spi-number: Specifies the security parameter index (SPI), ranging from 256 to
4294967295.
Description
Use the reset ipsec sa command to delete an SA already set up (manually or
through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all SAs will be deleted.
An SA is uniquely identified by a triplet of IP address, security protocol and SPI. An
SA can be set up either manually or through Internet Key Exchange (IKE)
negotiation.
If an SA set up manually is deleted, the system will automatically set up a new SA
according to the manually configured parameters.
If a packet re-triggers IKE negotiation after an SA set up through IKE negotiation is
deleted, IKE will reestablish an SA through negotiation.
The keyword parameters will take effect only after the SPI of the outbound SA is
defined. Because SAs appear in pairs, the inbound SA will also be deleted after the
outbound SA is deleted.
Related command: display ipsec sa.
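For scripted change control, the selector rules above can be checked before a command is sent to the device, so that an empty selector (which deletes every SA) is never produced by accident. The following Python is an added example, not part of the 3Com guide; the function name, the single-token rule for policy names, the non-negative serial number, and the argument order after the parameters keyword (taken from the order in which the parameters are described) are assumptions.

```python
import ipaddress

SPI_MIN, SPI_MAX = 256, 4294967295   # SPI range from the parameter description
PROTOCOLS = ("ah", "esp")            # keywords are case insensitive

def _ipv4(text):
    # Dotted decimal only; IPv4Address raises a ValueError subclass otherwise.
    return str(ipaddress.IPv4Address(str(text)))

def build_reset_ipsec_sa(remote=None, policy=None, seq=None, sa=None):
    """Return (command, deletes_all) for at most one selector, else raise ValueError."""
    if sum(x is not None for x in (remote, policy, sa)) > 1:
        raise ValueError("use only one of remote, policy, parameters")
    if seq is not None and policy is None:
        raise ValueError("a serial number needs a policy name")
    if remote is not None:
        return f"reset ipsec sa remote {_ipv4(remote)}", False
    if policy is not None:
        # Assumption: a policy name is one token, so it cannot smuggle extra keywords.
        if not isinstance(policy, str) or len(policy.split()) != 1:
            raise ValueError("policy name must be a single token")
        if seq is None:
            return f"reset ipsec sa policy {policy}", False
        # Assumption: the serial number is a non-negative integer.
        if isinstance(seq, bool) or not isinstance(seq, int) or seq < 0:
            raise ValueError("serial number must be a non-negative integer")
        return f"reset ipsec sa policy {policy} {seq}", False
    if sa is not None:
        ip, proto, spi = sa              # the triplet that identifies one SA
        proto = str(proto).lower()
        if proto not in PROTOCOLS:
            raise ValueError("protocol must be ah or esp")
        if isinstance(spi, bool) or not isinstance(spi, int) or not SPI_MIN <= spi <= SPI_MAX:
            raise ValueError(f"SPI must be {SPI_MIN}..{SPI_MAX}")
        # Assumption: arguments follow the order in which the parameters are described.
        return f"reset ipsec sa parameters {_ipv4(ip)} {proto} {spi}", False
    # No selector: the command deletes every SA on the device.
    return "reset ipsec sa", True

if __name__ == "__main__":
    # Constructed sample inputs mirroring the guide's examples.
    for kwargs in ({}, {"remote": "10.1.1.2"}, {"policy": "policy1", "seq": 10},
                   {"sa": ("10.1.1.2", "AH", 10000)}):
        print(build_reset_ipsec_sa(**kwargs))
```

A caller can refuse to send any command whose second return value is True unless the operator has explicitly confirmed a full SA reset.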
Example
# Delete all the SAs.
<SecBlade_VPN> reset ipsec sa
# Delete an SA whose remote IP address is 10.1.1.2.
<SecBlade_VPN> reset ipsec sa remote 10.1.1.2
# Delete all the SAs in policy1.
<SecBlade_VPN> reset ipsec sa policy policy1
# Delete the SA of the IPsec policy with the name policy1 and the serial number
10.
<SecBlade_VPN> reset ipsec sa policy policy1 10
# Delete an SA whose remote IP address is 10.1.1.2, security protocol is AH, and
SPI is 10000