HP HSR6600 Command Reference Manual page 327
Hide thumbs
Also See for HSR6600:
- Configuration manual (614 pages) ,
- Troubleshooting manual (41 pages) ,
- Security configuration manual (559 pages)
Table of Contents
Advertisement
undo sa authentication-hex { inbound | outbound } { ah | esp }
Views
IPsec policy view
Default command level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
cipher: Sets a ciphertext authentication key.
simple: Sets a plaintext authentication key.
hex-key: Specifies the key string. If cipher is specified, this argument is case sensitive and must be a
ciphertext string of 1 to 1 17 characters. If simple is specified, this argument is case insensitive and must
be a 16-byte hexadecimal string for MD5 or a 20-byte hexadecimal string for SHA- 1 . If neither cipher nor
simple is specified, you set a plaintext authentication key string.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text to the
configuration file.
Usage guidelines
This command applies to only manual IPsec policies.
When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound
SAs.
The authentication key for the inbound SA at the local end must be the same as that for the outbound SA
at the remote end, and the authentication key for the outbound SA at the local end must be the same as
that for the inbound SA at the remote end.
With an IPsec policy for an IPv6 routing protocol, the local SPI of the inbound SA and that of the
outbound SA must be identical.
At each end of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format
(both in hexadecimal format or both in string format), and the keys must be specified in the same format
for both ends of the tunnel.
Examples
# Configure the authentication keys of the inbound and outbound SAs that use AH as
0x1 12233445566778899aabbccddeeff00 and 0xaabbccddeeff001 100aabbccddeeff00 in plain text.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex inbound ah simple
112233445566778899aabbccddeeff00
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex outbound ah simple
aabbccddeeff001100aabbccddeeff00
Related commands
ipsec policy (system view)
314
Advertisement
Table of Contents
