Sa Hex-Key Authentication - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Usage guidelines
IKE prefers the SA lifetime of the IPsec policy, IPsec policy template, or IPsec profile over the global
SA lifetime configured by the ipsec sa global-duration command. If the IPsec policy, IPsec policy
template, or IPsec profile is not configured with the SA lifetime, IKE uses the global SA lifetime for SA
negotiation.
During SA negotiation, IKE selects the shorter SA lifetime between the local SA lifetime and the
remote SA lifetime.
Examples
# Set the SA lifetime for the IPsec policy policy1 to 7200 seconds.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime for the IPsec policy policy1 to 20 MB. The IPsec SA expires after transmitting
20480 kilobytes.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
Related commands
display ipsec sa
ipsec sa global-duration
sa hex-key authentication
Use sa hex-key authentication to configure a hexadecimal authentication key for manual IPsec
SAs.
Use undo sa hex-key authentication to remove the hexadecimal authentication key.
Syntax
sa hex-key authentication { inbound | outbound } { ah | esp } { cipher | simple } string
undo sa hex-key authentication { inbound | outbound } { ah | esp }
Default
No hexadecimal authentication key is configured for manual IPsec SAs.
Views
IPsec policy view
IPsec profile view
Predefined user roles
network-admin
Parameters
inbound: Specifies a hexadecimal authentication key for inbound SAs.
outbound: Specifies a hexadecimal authentication key for outbound SAs.
ah: Uses AH.
esp: Uses ESP.
cipher: Specifies a key in encrypted form.
506
Advertisement
