Sa Hex-Key Authentication - HP 5920 Command Reference Manual
Hide thumbs
Also See for 5920:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
traffic-based kilobytes: Specifies the traffic-based SA lifetime, in the range of 2560 to 4294967295
kilobytes.
Usage guidelines
IKE prefers the SA lifetime of the IPsec policy over the global SA lifetime. If the IPsec policy is not
configured with the SA lifetime, IKE uses the global SA lifetime configured by the ipsec sa
global-duration command for SA negotiation.
During SA negotiation, IKE selects the shorter SA lifetime between the local SA lifetime and the remote
SA lifetime.
Examples
# Set the SA lifetime for the IPsec policy policy1 to 7200 seconds.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime for the IPsec policy policy1 to 20 M bytes. That is, the IPsec SA expires after
transmitting 20480 bytes.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
Related commands
display ipsec sa
•
•
ipsec sa global-duration
sa hex-key authentication
Use sa hex-key authentication to configure a hexadecimal authentication key for manual IPsec SAs.
Use undo sa hex-key authentication to remove the hexadecimal authentication key.
Syntax
sa hex-key authentication { inbound | outbound } { ah | esp } { cipher | simple } key-value
undo sa hex-key authentication { inbound | outbound } { ah | esp }
Default
No authentication key is configured for manual IPsec SAs.
Views
IPsec policy view, IPsec profile view
Predefined user roles
network-admin
Parameters
inbound: Specifies a hexadecimal authentication key for inbound SAs.
357
Advertisement
Table of Contents
