Sa Encryption-Hex; Sa Spi - HP 3600 v2 Series Command Reference Manual

sa encryption-hex

Syntax
sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
View
IPsec policy view
Default level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
esp: Uses ESP.
hex-key: Encryption key for the SA, in hexadecimal format. The length of the key must be 8 bytes for
DES-CBC, 24 bytes for 3DES-CBC, 64 bytes for AES128-CBC, 16 bytes for AES128-CBC, 24 bytes for
AES192-CBC, and 42 bytes for AES256-CBC.
Description
Use the sa encryption-hex command to configure an encryption key for an SA.
Use the undo sa encryption-hex command to remove the configuration.
This command applies to only manual IPsec policies.
When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound
SAs.
The encryption key for the inbound SA at the local end must be the same as that for the outbound SA at
the remote end, and the encryption key for the outbound SA at the local end must be the same as that for
the inbound SA at the remote end.
With an IPsec policy for an IPv6 routing protocol, the local SPI of the inbound SA and that of the
outbound SA must be identical.
At both ends of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format.
Related commands: ipsec policy.
Examples
# Use 0x1234567890abcdef as the encryption key for both the inbound and outbound SAs that use ESP.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa encryption-hex inbound esp 1234567890abcdef
[Sysname-ipsec-policy-manual-policy1-100]
1234567890abcdef

sa spi

Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
sa encryption-hex
245
outbound esp