HP 5920 Series - Page 250

To Next Page

To Previous Page

239

consists of directly-connected neighbors or a RIPng process. For BGP, the scope consists of BGP

peers or a BGP peer group.

• The keys for the IPsec SAs at the two tunnel ends must be configured in the same format. For

example, if the key at one end is entered as a string of characters, the key on the other end must also

be entered as a string of characters.

To configure a manual IPsec profile:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a manual IPsec

profile and enter its view.

ipsec profile profile-name manual

By default, no IPsec profile exists.

The manual keyword is not needed

if you enter the view of an existing

IPsec profile.

3. (Optional.) Configure a

description for the IPsec

profile.

description text

By default, no description is

configured.

4. Reference an IPsec

transform set for the IPsec

profile.

transform-set transform-set-name

By default, no IPsec transform set is

referenced for an IPsec profile.

The referenced IPsec transform set

must use the transport mode.

5. Configure an SPI for an

SA.

sa spi { inbound | outbound } { ah |

esp } spi-number

By default, no SPI is configured for

an SA.

6. Configure keys for the

IPsec SA.

• Configure an authentication key in

hexadecimal format for AH:

sa hex-key authentication

{ inbound | outbound } ah { cipher

| simple } key-value

• Configure an authentication key in

character format for AH:

sa string-key { inbound |

outbound } ah { cipher | simple }

key-value

• Configure a key in character

format for ESP:

sa string-key { inbound |

outbound } esp [ cipher | simple ]

key-value

• Configure an authentication key in

hexadecimal format for ESP:

sa hex-key authentication

{ inbound | outbound } esp

{ cipher | simple } key-value

• Configure an encryption key in

hexadecimal format for ESP:

sa hex-key encryption { inbound |

outbound } esp { cipher | simple }

key-value

By default, no keys are configured

for the IPsec SA.

Configure a key for the security

protocol (AH, ESP, or both) you

have specified.

If you configure a key in character

format for ESP, the device

automatically generates an

authentication key and an

encryption key for ESP.

If you configure a key in both the

character and hexadecimal

formats, only the most recent

configuration takes effect.

Main Page

HP 5920 Series - Page 250

Table of Contents

Other manuals for HP 5920 Series

Related product manuals