Sa String-Key - HPE FlexNetwork HSR6800 Security Command Reference
Hide thumbs
Also See for FlexNetwork HSR6800:
- Configuration manual (503 pages) ,
- Command reference manual (153 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
connected neighbors or a RIPng process. For IPv6 BGP, the scope can be directly connected
neighbors or a neighbor group.
Examples
# Set the SPI for the inbound SA to 10000 and that for the outbound SA to 20000 in a manual IPsec
policy.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa spi inbound ah 10000
[Sysname-ipsec-policy-manual-policy1-100] sa spi outbound ah 20000
Related commands
ipsec policy (system view)
sa string-key
Use sa string-key to set a key string for an SA.
Use undo sa string-key to remove the configuration.
Syntax
sa string-key { inbound | outbound } { ah | esp } [ cipher | simple ] string-key
undo sa string-key { inbound | outbound } { ah | esp }
Views
IPsec policy view
Default command level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
string-key: Specifies the key string. This argument is case sensitive. If cipher is specified, it must be
a ciphertext string of 1 to 373 characters. If simple is specified, it must be a string of 1 to 255
characters. If neither cipher nor simple is specified, you set a plaintext key string. For different
algorithms, enter strings of any length in the specified range. Using this key string, the system
automatically generates keys meeting the algorithm requirements. When the protocol is ESP, the
system generates the keys for both the authentication algorithm and encryption algorithm.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text to the
configuration file.
Usage guidelines
This command applies to only manual IPsec policies.
This command is not available in FIPS mode.
When configuring a manual IPsec policy, you must set parameters for both inbound and outbound
SAs.
296
Advertisement
Table of Contents
