3Com MSR 50, MSR 30 manual Sa duration, View IPSec policy view/IPSec policy template view, 2145

2145

ah: Uses AH.

esp: Uses ESP.

hex-key: Authentication key for the SA, in hexadecimal format. The length of the key is 16 bytes for MD5 and 20 bytes for SHA1.

Description Use the sa authentication-hexcommand to configure an authentication key for an SA.

Use the undo sa authentication-hexcommand to remove the configuration.

Note that:

■This command applies to only manual IPSec policies.

■When configuring an IPSec policy, you need to set the parameters of both the inbound and outbound SAs.

■The authentication key for the inbound SA at the local end must be the same as that for the outbound SA at the remote end, and the authentication key for the outbound SA at the local end must be the same as that for the inbound SA at the remote end.

■Both ends of an IPSec tunnel must be configured with the same key in the same format.

Related command: ipsec policy (system view).

Example # Configure the authentication keys of the inbound and outbound SAs using AH as 0x112233445566778899aabbccddeeff00 and 0xaabbccddeeff001100aabbccddeeff00 respectively.

<Sysname> system-view

[Sysname] ipsec policy policy1 100 manual [Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex inbound ah 1 12233445566778899aabbccddeeff00 [Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00

sa duration

Syntax sa duration { time-based seconds traffic-based kilobytes }

undo sa duration { time-based traffic-based }

View IPSec policy view/IPSec policy template view

Parameter seconds: Time-based SA lifetime in seconds, in the range 180 to 604,800. kilobytes: Traffic-based SA lifetime in kilobytes, in the range 256 to 4,194,303,.

Description Use the sa duration command to set an SA lifetime for the IPSec policy.