2148 CHAPTER 140: IPSEC CONFIGURATION COMMANDS

SA parameters of IKE-negotiated IPSec policies are subject to IKE, which is also responsible for establishing SAs.

When configuring an IPSec policy, you need to set the parameters of both the inbound and outbound SAs.

The SPI for the inbound SA at the local end must be the same as that for the outbound SA at the remote end, and the SPI for the outbound SA at the local end must be the same as that for the inbound SA at the remote end.

Related command: ipsec policy (system view).

Example # Configure the SPI of the inbound SA to 10,000 and that of the outbound SA to 20,000.

<Sysname> system-view

[Sysname] ipsec policy policy1 100 manual

[Sysname-ipsec-policy-manual-policy1-100] sa spi inbound ah 10000

[Sysname-ipsec-policy-manual-policy1-100] sa spi outbound ah 20000
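The inbound/outbound SPI mirror rule stated above can be checked across both peers before a manual policy is deployed. The following is an added example, not part of the original manual: the configuration excerpts are constructed, and the function names `parse_spis` and `spi_mismatches` are hypothetical.

```python
import re

# Constructed configuration excerpts for two peers (not taken from the manual).
LOCAL_CFG = """\
ipsec policy policy1 100 manual
 sa spi inbound ah 10000
 sa spi outbound ah 20000
"""
REMOTE_OK = """\
ipsec policy policy1 100 manual
 sa spi inbound ah 20000
 sa spi outbound ah 10000
"""
# Common mistake: the local configuration copied unchanged to the remote end.
REMOTE_BAD = LOCAL_CFG

SPI_RE = re.compile(r"^\s*sa spi (inbound|outbound) (ah|esp) (\d+)\s*$")
OPPOSITE = {"inbound": "outbound", "outbound": "inbound"}

def parse_spis(cfg):
    """Return {(direction, protocol): spi} for every 'sa spi' line."""
    spis = {}
    for line in cfg.splitlines():
        m = SPI_RE.match(line)
        if m:
            spis[(m.group(1), m.group(2))] = int(m.group(3))
    return spis

def spi_mismatches(local_cfg, remote_cfg):
    """List violations of the mirror rule, walking the local entries."""
    local, remote = parse_spis(local_cfg), parse_spis(remote_cfg)
    problems = []
    for (direction, proto), spi in sorted(local.items()):
        peer_dir = OPPOSITE[direction]
        peer = remote.get((peer_dir, proto))
        if peer is None:
            problems.append(f"remote has no {peer_dir} {proto} SPI")
        elif peer != spi:
            problems.append(f"local {direction} {proto} SPI {spi} != "
                            f"remote {peer_dir} {proto} SPI {peer}")
    return problems

if __name__ == "__main__":
    print(spi_mismatches(LOCAL_CFG, REMOTE_OK))   # mirrored SPIs
    print(spi_mismatches(LOCAL_CFG, REMOTE_BAD))  # copied, not mirrored
```
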

sa string-key

Syntax sa string-key { inbound | outbound } { ah | esp } string-key

undo sa string-key { inbound | outbound } { ah | esp }

View IPSec policy view

Parameter inbound: Specifies the inbound SA through which IPSec processes the received packets.

outbound: Specifies the outbound SA through which IPSec processes the packets to be sent.

ah: Uses AH.

esp: Uses ESP.

string-key: Key string for the SA, consisting of 1 to 255 characters. For different algorithms, you can input strings of any length in the specified range. Using this key string, the system automatically generates keys meeting the algorithm requirements. When the protocol is ESP, the system generates the keys for the authentication algorithm and encryption algorithm respectively.

Description Use the sa string-key command to set an authentication key for an SA.

Use the undo sa string-key command to remove the configuration.

Note that:

This command applies only to manual IPSec policies.

3Com MSR 30, MSR 50 manual Sa string-key