3Com 10014299 By default, no key is used by any security policy.

Creating a Security Policy 571

Perform the following configurations in IPSec policy view.1Set SPI parameters for the security policy association

Tabl e 643 Configure SPI Parameters of Security Policy Association

By default, no SPI value of inbound/outbound SA is set. 2Set the key used by the security policy association

Tabl e 644 Configure Key Used by Security Policy Association

By default, no key is used by any security policy.

Operation Command

Set SPI parameters of inbound SA of

AH/ESP protocol (applicable to IPSec

software and crypto card)

sa inbound {ah |esp} spi spi-number

Delete SPI parameters of inbound SA of

AH/ESP protocol (applicable to IPSec

software and crypto card)

undo sa inbound {ah |esp} spi

Set SPI parameters of outbound SA of

AH/ESP protocol (applicable to IPSec

software and crypto card)

sa outbound {ah |esp} spi spi-number

Delete SPI parameters of outbound SA of

AH/ESP protocol (applicable to IPSec

software and crypto card)

undo sa outbound {ah |esp} spi

Operation Command

Set authentication key of AH protocol

(input in hexadecimal mode) (applicable to

IPSec software and crypto card)

sa { inbound | outbound } ah

hex-key-string hex-key

Delete authentication key of AH protocol

(in hexadecimal mode) (applicable to IPSec

software and crypto card)

undo sa { inbound | outbound } ah

hex-key-string

Set authentication key of AH protocol

(input in string mode) (applicable to IPSec

software and crypto card)

sa { inbound | outbound } { ah

string-key string-key

Delete authentication key of AH protocol

(character string) (applicable to IPSec

software and crypto card)

undo sa { inbound | outbound } ah

string-key

Configure authentication key of ESP

protocol (input in hexadecimal system)

(applicable to IPSec software and crypto

card)

sa { inbound | outbound } esp

authentication-hex hex-key

Delete authentication key of ESP protocol

(applicable to IPSec software and crypto

card)

undo sa { inbound | outbound } esp

authentication-hex

Set ciphering key of ESP protocol (input in

hexadecimal system) (applicable to IPSec

software and crypto card)

sa { inbound | outbound } esp

encryption-hex hex-key

Delete ciphering key of ESP protocol

(applicable to IPSec software and crypto

card)

undo sa { inbound | outbound } esp

encryption-hex

Configure both ciphering and

authentication keys of ESP protocol (input

in string) (applicable to IPSec software and

crypto card)

sa { inbound | outbound } esp

string-key string-key

Delete the ciphering and authentication

keys of ESP protocol (applicable to IPSec

software and crypto card)

undo sa { inbound | outbound } esp

string-key