262
Description
Use the sa string-key command to set a key string for an SA.
Use the undo sa string-key command to remove the configuration.
This command applies to only manual IPsec policies.
When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound
SAs.
The key for the inbound SA at the local end must be the same as that for the outbound SA at the remote
end, and the key for the outbound SA at the local end must be the same as that for the inbound SA at the
remote end.
At both ends of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format.
When configuring IPsec for an IPv6 routing protocol, you must also satisfy the following requirements:
ï‚· The local key of the inbound SA and that of the outbound SAs must be identical.
ï‚· The key configured on all devices within a scope must be identical. The scope is determined by the
IPv6 routing protocol to be protected. For OSPFv3, the scope refers to directly connected neighbors
or an OSPFv3 area. For RIPng, the scope refers to directly connected neighbors or a RIPng process
where neighbors reside. For IPv6 BGP, the scope refers to directly connected neighbors or a
neighbor group.
Related commands: ipsec policy.
Examples
# Configure the keys for the inbound and outbound SAs using AH to abcdef.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa string-key outbound ah abcdef
transform
Syntax
transform { ah | ah-esp | esp }
undo transform
View
IPsec proposal view
Default level
2: System level
Parameters
ah: Uses the AH protocol.
ah-esp: Uses ESP first and then AH.
esp: Uses the ESP protocol.
Description
Use the transform command to specify the security protocol for an IPsec proposal.
To Next Page
Loading...
Need help?
General
