Command Reference Guide
268 ● sa spi 3Com Router 5000 Family and Router 6000 Family
Command Reference
sa spi
Purpose Use the sa spi command to set the SA SPI manually for the ipsec policy of manual
mode.
Use the undo sa spi command to delete the SA SPI already set.
Syntax sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
Parameters inbound
Sets the spi parameter for the inbound SA. IPSec uses
the inbound SA for processing the packet in the
inbound direction (received).
outbound
Sets the spi parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the
outbound direction (sent).
ah
Sets the spi parameter for the SA using AH. If the IPSec
proposal set used by the ipsec policy adopts AH, the ah
key word is used here to set the spi relevant parameter
of the SA.
esp
Sets the spi parameter for the SA using ESP. If the IPSec
proposal set used by the ipsec policy adopts ESP, the
esp key word is used here to set the spi relevant
parameter of the SA.
spi-number
Security Parameter Index (SPI) in the triplet
identification of the SA. Valid values are 256 to
4294967295. The triplet identification of the SA,
which appears as SPI, destination address, and
protocol number, must be unique.
Example Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to 20000, in
the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
View This command can be used in the following views:
■ Manually-Established IPSec Policy view