HP 5920 Command Reference Manual page 374

undo sa string-key { inbound | outbound } { ah | esp }
Default
No key string is configured for IPsec SAs.
Views
IPsec policy view, IPsec profile view
Predefined user roles
network-admin
Parameters
inbound: Sets a key string for inbound IPsec SAs.
outbound: Sets a key string for outbound IPsec SAs.
ah: Uses AH.
esp: Uses ESP.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
key-value: Specifies a case-sensitive key string. If cipher is specified, it must be a string of 1 to 373
characters. If simple is specified, it must be a string of 1 to 255 characters. Using this key string, the
system automatically generates keys meeting the algorithm requirements. When the protocol is ESP, the
system generates the keys for the authentication algorithm and encryption algorithm respectively.
Usage guidelines
This command applies to only manual IPsec policies and IPsec profiles.
You must set a key for both inbound and outbound SAs.
The local inbound SA must use the same key as the remote outbound SA, and the local outbound SA must
use the same key as the remote inbound SA.
If you configure a key in different formats, only the most recent one takes effect.
The keys for the IPsec SAs at the two tunnel ends must be input in the same format (either in hexadecimal
or character format). Otherwise, they cannot establish an IPsec tunnel.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Configure the inbound and outbound SAs that use AH to use the plaintext keys abcdef and efcdab,
respectively.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah simple abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa string-key outbound ah simple efcdab
Related commands
display ipsec sa
•
362