Sa Spi - HP HSR6600 Command Reference Manual

At each end of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format
(both in hexadecimal format or both in string format), and the keys must be specified in the same format
for both ends of the tunnel.
Examples
# Configure the encryption keys for the inbound and outbound SAs that use ESP as
0x1234567890abcdef and 0xabcdefabcdef1234 in plain text.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa encryption-hex inbound esp simple
1234567890abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa encryption-hex outbound esp simple
abcdefabcdef1234
Related commands
ipsec policy (system view)

sa spi

Use sa spi to configure an SPI for an SA.
Use undo sa spi to remove the configuration.
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
Views
IPsec policy view
Default command level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
spi-number: Security parameters index (SPI) in the SA triplet, in the range 256 to 4294967295.
Usage guidelines
This command applies to only manual IPsec policies.
When configuring a manual IPsec policy, you must configure parameters for both inbound and outbound
SAs. For an ACL-based manual IPsec policy, specify different SPIs for different SAs.
The local inbound SA must use the same SPI and keys as the remote outbound SA. The same is true of the
local outbound SA and remote inbound SA.
When you configure IPsec for an IPv6 routing protocol, follow these guidelines:
The inbound and outbound SAs at the local end must use the same SPI.
•
317