Command Reference Guide
3Com Router 5000 Family and Router 6000 Family reset ipsec sa ● 239
Command Reference
reset ipsec sa
Purpose Use the reset ipsec sa command to delete an SA already set up (manually or
through IKE negotiation). If no parameter (remote, policy, parameters) is specified, all
the SA will be deleted.
Syntax reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] |
parameters dest-addr protocol spi ]
Parameters remote ip-address
Specifies remote address, in dotted decimal format.
policy
Specifies the IPSec policy.
policy-name
Specifies the name of the IPSec policy. The naming rule
is as follows: length is 1 to 15 characters, case
sensitive, and the character can be English character or
number.
seq-number
Optional parameter specifying the serial number of the
ipsec policy. If no
seq-number is specified, the IPSec
policy refers to all the policies in the IPSec policy group
named
policy-name.
parameters
Defines a Security Association (SA) by the destination
address, security protocol and SPI.
dest-address
Specifies the destination address in the dotted decimal
IP address format.
protocol
Specifies the security protocol by inputting the key
word ah or esp, case insensitive. ah indicates the
Authentication Header protocol and esp indicates
Encapsulating Security Payload.
spi
Specifies the security parameter index (SPI), ranging
256 to 4294967295.
Example Delete all the SAs.
<3Com> reset ipsec sa
Delete an SA whose remote IP address is 10.1.1.2.
<3Com> reset ipsec sa remote 10.1.1.2
Delete all the SAs in policy1.
<3Com> reset ipsec sa policy policy1
Delete the SA of the ipsec policy with the name policy1 and the serial number 10.
<3Com> reset ipsec sa policy policy1 10