sa authentication-hex

Syntax

sa authentication-hex { inbound | outbound } { ah | esp } [ cipher | simple ] hex-key

undo sa authentication-hex { inbound | outbound } { ah | esp }

View

IPsec policy view

Default level

2: System level

Parameters

inbound: Specifies the inbound SA through which IPsec processes the received packets.

outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.

ah: Uses AH.

esp: Uses ESP.

cipher: Sets a ciphertext authentication key.

simple: Sets a plaintext authentication key.

hex-key: Authentication key for the SA. The hex-key argument is a case-sensitive ciphertext string of 8 to 85 characters when the cipher keyword is specified, or a case-insensitive plaintext hexadecimal string when the simple keyword is specified. The plaintext string must be a 20-byte hexadecimal string for SHA1. If neither cipher nor simple is specified, you set a plaintext authentication key string.

Description

Use the sa authentication-hex command to configure an authentication key for an SA.

Use the undo sa authentication-hex command to remove the configuration.

When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound SAs.

The authentication key for the inbound SA at the local end must be the same as that for the outbound SA at the remote end, and the authentication key for the outbound SA at the local end must be the same as that for the inbound SA at the remote end.

At both ends of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format.

Related commands: ipsec policy (system view).

Examples

# Configure the authentication keys of the inbound and outbound SAs that use AH as 0x112233445566778899aabbccddeeff00 and 0xaabbccddeeff001100aabbccddeeff00, respectively.

<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex inbound ah 112233445566778899aabbccddeeff00
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00
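
The matching rules in the Description can be checked offline against the key lines from both ends of a tunnel. The following Python script is an added example, not part of the original command reference or vendor tooling; the names parse_sa_keys, check_tunnel, and key_bytes and the remote-end configuration are hypothetical. It assumes ciphertext keys cannot be compared across devices, so only plaintext keys are compared.

```python
import re

# Command syntax from this page:
# sa authentication-hex { inbound | outbound } { ah | esp } [ cipher | simple ] hex-key
SA_RE = re.compile(r"sa authentication-hex\s+(inbound|outbound)\s+(ah|esp)"
                   r"(?:\s+(cipher|simple))?\s+(\S+)\s*$")

def parse_sa_keys(config_text):
    """Map (direction, protocol) -> (format, key) for each key line found."""
    keys = {}
    for line in config_text.splitlines():
        m = SA_RE.search(line)
        if m:  # the undo form carries no key, so it never matches
            direction, proto, fmt, key = m.groups()
            fmt = fmt or "simple"  # no keyword means a plaintext key
            keys[(direction, proto)] = (fmt, key.lower() if fmt == "simple" else key)
    return keys

def check_tunnel(local_cfg, remote_cfg, key_bytes=None):
    """Return a list of problems; an empty list means the two ends agree."""
    local, remote = parse_sa_keys(local_cfg), parse_sa_keys(remote_cfg)
    problems = []
    for end, keys in (("local", local), ("remote", remote)):
        for (direction, proto), (fmt, key) in keys.items():
            if fmt == "simple" and not re.fullmatch(r"[0-9a-f]+", key):
                problems.append(f"{end} {direction} {proto}: key is not hexadecimal")
            elif fmt == "simple" and key_bytes and len(key) != 2 * key_bytes:
                problems.append(f"{end} {direction} {proto}: key is not {key_bytes} bytes")
    if len({fmt for fmt, _ in list(local.values()) + list(remote.values())}) > 1:
        problems.append("keys are not all in the same format")
    for proto in ("ah", "esp"):
        if not any(p == proto for _, p in list(local) + list(remote)):
            continue
        for near, far in (("inbound", "outbound"), ("outbound", "inbound")):
            a, b = local.get((near, proto)), remote.get((far, proto))
            if a is None or b is None:
                problems.append(f"{proto}: local {near} or remote {far} key is missing")
            elif a[0] == b[0] == "simple" and a[1] != b[1]:
                problems.append(f"{proto}: local {near} key differs from remote {far} key")
    return problems

# Constructed sample: the local end uses the keys from the example above; the
# remote ends are hypothetical (one mirrored correctly, one not swapped).
LOCAL = """sa authentication-hex inbound ah 112233445566778899aabbccddeeff00
sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00"""
REMOTE_OK = """sa authentication-hex inbound ah simple AABBCCDDEEFF001100AABBCCDDEEFF00
sa authentication-hex outbound ah simple 112233445566778899AABBCCDDEEFF00"""
REMOTE_BAD = LOCAL  # same directions as the local end, so the keys are not mirrored
```

Pass key_bytes=20 when the SAs use SHA1, the one length this page states; with no key_bytes the length check is skipped.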