Creating a Security Policy 571

Perform the following configurations in IPSec policy view.

1Set SPI parameters for the security policy association

Table 643 Configure SPI Parameters of Security Policy Association

Operation

Command

 

 

Set SPI parameters of inbound SA of

sa inbound {ah esp} spi spi-number

AH/ESP protocol (applicable to IPSec

 

software and crypto card)

 

 

 

Delete SPI parameters of inbound SA of

undo sa inbound {ah esp} spi

AH/ESP protocol (applicable to IPSec

 

software and crypto card)

 

 

 

Set SPI parameters of outbound SA of

sa outbound {ah esp} spi spi-number

AH/ESP protocol (applicable to IPSec

 

software and crypto card)

 

 

 

Delete SPI parameters of outbound SA of

undo sa outbound {ah esp} spi

AH/ESP protocol (applicable to IPSec

 

software and crypto card)

 

 

 

By default, no SPI value of inbound/outbound SA is set.

2Set the key used by the security policy association

Table 644 Configure Key Used by Security Policy Association

Operation

Command

 

 

 

Set authentication key of AH protocol

sa { inbound outbound } ah

(input in hexadecimal mode) (applicable to

hex-key-string

hex-key

IPSec software and crypto card)

 

 

 

 

Delete authentication key of AH protocol

undo sa { inbound outbound } ah

(in hexadecimal mode) (applicable to IPSec

hex-key-string

 

software and crypto card)

 

 

 

 

Set authentication key of AH protocol

sa { inbound outbound } { ah

(input in string mode) (applicable to IPSec

string-key string-key

software and crypto card)

 

 

 

 

Delete authentication key of AH protocol

undo sa { inbound outbound } ah

(character string) (applicable to IPSec

string-key

 

software and crypto card)

 

 

 

 

Configure authentication key of ESP

sa { inbound outbound } esp

protocol (input in hexadecimal system)

authentication-hex hex-key

(applicable to IPSec software and crypto

 

 

card)

 

 

 

 

Delete authentication key of ESP protocol

undo sa { inbound outbound } esp

(applicable to IPSec software and crypto

authentication-hex

card)

 

 

 

 

Set ciphering key of ESP protocol (input in

sa { inbound outbound } esp

hexadecimal system) (applicable to IPSec

encryption-hex

hex-key

software and crypto card)

 

 

 

 

Delete ciphering key of ESP protocol

undo sa { inbound outbound } esp

(applicable to IPSec software and crypto

encryption-hex

 

card)

 

 

 

 

Configure both ciphering and

sa { inbound outbound } esp

authentication keys of ESP protocol (input

string-key string-key

in string) (applicable to IPSec software and

 

 

crypto card)

 

 

 

 

Delete the ciphering and authentication

undo sa { inbound outbound } esp

keys of ESP protocol (applicable to IPSec

string-key

 

software and crypto card)

 

 

 

 

 

By default, no key is used by any security policy.

Page 575
Image 575
3Com 10014299 By default, no key is used by any security policy, Configure SPI Parameters of Security Policy Association