To Next Page

To Previous Page

562

Parameters

inbound: Specifies a hexadecimal authentication key for inbound SAs.

outbound: Specifies a hexadecimal authentication key for outbound SAs.

ah: Uses AH.

esp: Uses ESP.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form

will be stored in encrypted form.

string: Specifies the key. Its plaintext form is case insensitive and must be a 16-byte hexadecimal

string for HMAC-MD5, a 20-byte hexadecimal string for HMAC-SHA1, and a 32-byte hexadecimal

string for HMAC-SM3. Its encrypted form is a case-sensitive string of 1 to 85 characters.

Usage guidelines

This command applies only to manual IPsec policies and IPsec profiles.

You must set an authentication key for both the inbound and outbound SAs.

The local inbound SA must use the same authentication key as the remote outbound SA, and the

local outbound SA must use the same authentication key as the remote inbound SA.

In an IPsec profile to be applied to an IPv6 routing protocol, the local authentication keys of the

inbound and outbound SAs must be identical.

If you execute this command multiple times, the most recent configuration takes effect.

The keys for the IPsec SAs at the two tunnel ends must be input in the same format (either in

hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.

Examples

# Configure plaintext authentication keys 0x112233445566778899aabbccddeeff00 and

0xaabbccddeeff001100aabbccddeeff00 for the inbound and outbound SAs that use AH.

<Sysname> system-view

[Sysname] ipsec policy policy1 100 manual

[Sysname-ipsec-policy-manual-policy1-100] sa hex-key authentication inbound ah simple

112233445566778899aabbccddeeff00

[Sysname-ipsec-policy-manual-policy1-100] sa hex-key authentication outbound ah simple

aabbccddeeff001100aabbccddeeff00

Related commands

display ipsec sa

sa string-key

sa hex-key encryption

Use sa encryption-hex to configure a hexadecimal encryption key for manual IPsec SAs.

Use undo sa encryption-hex to remove the hexadecimal encryption key.

Syntax

sa hex-key encryption { inbound | outbound } esp { cipher | simple } string

undo sa hex-key encryption { inbound | outbound } esp

Default

No hexadecimal encryption key is configured for manual IPsec SAs.

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS