sa string-key

Syntax

sa string-key { inbound | outbound } { ah | esp } [ cipher | simple ] string-key

undo sa string-key { inbound | outbound } { ah | esp }

View

IPsec policy view

Default level

2: System level

Parameters

inbound: Specifies the inbound SA through which IPsec processes the received packets.

outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.

ah: Uses AH.

esp: Uses ESP.

cipher: Sets a ciphertext key.

simple: Sets a plaintext key.

string-key: Specifies the key string. This argument is case sensitive. If cipher is specified, it must be a ciphertext string of 1 to 373 characters. If simple is specified, it must be a string of 1 to 255 characters. If neither cipher nor simple is specified, the string is treated as a plaintext key. Whatever the algorithm, you can enter a string of any length within the specified range; the system automatically generates keys that meet the algorithm's requirements from this string. When the protocol is ESP, the system generates keys for both the authentication algorithm and the encryption algorithm.

Description

Use the sa string-key command to set a key string for an SA.

Use the undo sa string-key command to remove the configuration.

This command is not supported in FIPS mode.

This command applies only to manual IPsec policies.

When configuring a manual IPsec policy, you must set parameters for both inbound and outbound SAs.

The local inbound SA must use the same SPI and keys as the remote outbound SA. The same is true of the local outbound SA and remote inbound SA.

Enter keys in the same format on the local and remote devices, for both inbound and outbound SAs. For example, if the local inbound SA uses a key entered as a character string, the local outbound SA and the remote inbound and outbound SAs must also use keys entered as character strings.

Related commands: ipsec policy (system view).

Examples

# Configure the inbound and outbound SAs that use AH to use the keys abcdef and efcdab, respectively.

<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa string-key outbound ah efcdab

# Configure the inbound and outbound SAs that use AH to use the key abcdef.

<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa string-key outbound ah abcdef
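
The mirror rule from the Description (the local inbound key must equal the remote outbound key, and the reverse) as a small offline check. This is an added example, not part of the original command reference. It checks keys only, not SPIs; the function names and the remote-side lines are constructed, and it assumes that key strings contain no whitespace and that ciphertext keys are not compared as text.

```python
import re

# Page syntax: sa string-key { inbound | outbound } { ah | esp } [ cipher | simple ] string-key
# Assumption: the key string contains no whitespace.
SA_LINE = re.compile(r"sa string-key (inbound|outbound) (ah|esp)(?: (cipher|simple))? (\S+)$")
MAX_LEN = {"simple": 255, "cipher": 373}  # length limits stated on the page

def parse(config):
    """Map (direction, protocol) -> (form, key) for one manual policy's lines."""
    sas = {}
    for line in config.splitlines():
        m = SA_LINE.search(line.strip())
        if m:
            direction, proto, form, key = m.groups()
            sas[(direction, proto)] = (form or "simple", key)  # no keyword means plaintext
    return sas

def check_pair(local_cfg, remote_cfg):
    """Return findings for two peers; an empty list means the keys line up."""
    local, remote = parse(local_cfg), parse(remote_cfg)
    findings = []
    for name, sas in (("local", local), ("remote", remote)):
        for (direction, proto), (form, key) in sas.items():
            if len(key) > MAX_LEN[form]:
                findings.append(f"{name} {direction} {proto}: {form} key longer than {MAX_LEN[form]}")
    for proto in sorted({p for _, p in list(local) + list(remote)}):
        for l_dir, r_dir in (("inbound", "outbound"), ("outbound", "inbound")):
            l, r = local.get((l_dir, proto)), remote.get((r_dir, proto))
            if l is None or r is None:
                missing = f"local {l_dir}" if l is None else f"remote {r_dir}"
                findings.append(f"{proto}: {missing} key is not set")
            elif "cipher" in (l[0], r[0]):
                continue  # assumption: ciphertext forms are not comparable as text
            elif l[1] != r[1]:  # exact comparison: key strings are case sensitive
                findings.append(f"{proto}: local {l_dir} key differs from remote {r_dir} key")
    return findings

# Local lines are the page's first example; the remote lines are constructed.
LOCAL = """sa string-key inbound ah abcdef
sa string-key outbound ah efcdab"""
REMOTE_OK = """sa string-key inbound ah efcdab
sa string-key outbound ah abcdef"""
REMOTE_BAD = """sa string-key inbound ah simple efcdab
sa string-key outbound ah Abcdef"""

if __name__ == "__main__":
    print(check_pair(LOCAL, REMOTE_OK))
    print(check_pair(LOCAL, REMOTE_BAD))
```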