Sa Authentication-Hex - HP 3600 v2 Series Command Reference Manual

sa authentication-hex

Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
undo sa authentication-hex { inbound | outbound } { ah | esp }
View
IPsec policy view
Default level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
hex-key: Authentication key for the SA, in hexadecimal format. The length of the key is 16 bytes for MD5
and 20 bytes for SHA1.
Description
Use the sa authentication-hex command to configure an authentication key for an SA.
Use the undo sa authentication-hex command to remove the configuration.
This command applies to only manual IPsec policies.
When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound
SAs.
The authentication key for the inbound SA at the local end must be the same as that for the outbound SA
at the remote end, and the authentication key for the outbound SA at the local end must be the same as
that for the inbound SA at the remote end.
With an IPsec policy for an IPv6 routing protocol, the local SPI of the inbound SA and that of the
outbound SA must be identical.
At both ends of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format.
Related commands: ipsec policy.
Examples
# Use 0x1 12233445566778899aabbccddeeff00 as the authentication key for both the inbound and
outbound SAs that use AH .
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100]
112233445566778899aabbccddeeff00
[Sysname-ipsec-policy-manual-policy1-100]
112233445566778899aabbccddeeff00
sa authentication-hex
sa authentication-hex
244
inbound ah
outbound ah