H3C MSR Series Command Reference Manual page 586

Comware 7 security

Views
IPsec policy view
IPsec profile view
Predefined user roles
network-admin
Parameters
inbound: Specifies a hexadecimal encryption key for inbound SAs.
outbound: Specifies a hexadecimal encryption key for outbound SAs.
esp: Uses ESP.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string: Specifies the key. Its encrypted form is a case-sensitive string of 1 to 117 characters. Its
plaintext form is a case-insensitive hexadecimal string and the key length varies by algorithm.
The following matrix shows the key length for the algorithms:
Algorithm       Key length (bytes)
DES-CBC         8
3DES-CBC        24
AES128-CBC      16
AES192-CBC      24
AES256-CBC      32
SM1128-CBC      16
SM1192-CBC      24
SM1256-CBC      32
SM4128-CBC      16
Usage guidelines
This command applies only to manual IPsec policies and IPsec profiles.
You must set an encryption key for both the inbound and outbound SAs.
The local inbound SA must use the same encryption key as the remote outbound SA, and the local
outbound SA must use the same encryption key as the remote inbound SA.
In an IPsec profile to be applied to an IPv6 routing protocol, the local encryption keys of the inbound
and outbound SAs must be identical.
If you execute this command multiple times, the most recent configuration takes effect.
The keys for the IPsec SAs at the two tunnel ends must be configured in the same format (either in
hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.
Examples
# Configure plaintext encryption keys 0x1234567890abcdef and 0xabcdefabcdef1234 for the
inbound and outbound IPsec SAs that use ESP.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
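
The key-length matrix and the usage guidelines above can be checked before keys are typed into both tunnel ends. The following script is an added example, not H3C code: the function names are hypothetical, and it assumes a plaintext key must be exactly the listed length and that a leading 0x may be written and is ignored.

```python
# Added example (not H3C code). Key lengths in bytes, from the matrix on this page.
KEY_BYTES = {
    "DES-CBC": 8, "3DES-CBC": 24,
    "AES128-CBC": 16, "AES192-CBC": 24, "AES256-CBC": 32,
    "SM1128-CBC": 16, "SM1192-CBC": 24, "SM1256-CBC": 32,
    "SM4128-CBC": 16,
}

def normalize(key):
    """Lowercase (plaintext keys are case-insensitive); drop an optional 0x (assumption)."""
    k = key.strip().lower()
    return k[2:] if k.startswith("0x") else k

def key_errors(algorithm, key):
    """Return problems with one plaintext hex key for the given algorithm."""
    k = normalize(key)
    if not k or any(c not in "0123456789abcdef" for c in k):
        return ["key is not a hexadecimal string"]
    need = KEY_BYTES[algorithm]
    if len(k) != 2 * need:  # assumption: the listed length is exact
        return [f"{algorithm} needs {need} bytes ({2 * need} hex digits), got {len(k)} digits"]
    return []

def lint_tunnel(algorithm, local, remote, ipv6_routing_profile=False):
    """local/remote are dicts holding 'inbound' and 'outbound' plaintext keys."""
    problems = []
    for side, keys in (("local", local), ("remote", remote)):
        for direction in ("inbound", "outbound"):
            if direction not in keys:  # both SAs must have a key
                problems.append(f"{side} {direction}: no key set")
                continue
            problems += [f"{side} {direction}: {e}" for e in key_errors(algorithm, keys[direction])]
    if problems:
        return problems
    n = lambda d, x: normalize(d[x])
    if n(local, "inbound") != n(remote, "outbound"):
        problems.append("local inbound key differs from remote outbound key")
    if n(local, "outbound") != n(remote, "inbound"):
        problems.append("local outbound key differs from remote inbound key")
    if ipv6_routing_profile:  # inbound and outbound keys must be identical
        for side, keys in (("local", local), ("remote", remote)):
            if n(keys, "inbound") != n(keys, "outbound"):
                problems.append(f"{side}: IPv6 routing protocol profile needs identical inbound/outbound keys")
    return problems

# Constructed sample: the two keys from the example on this page, mirrored on the peer.
LOCAL = {"inbound": "1234567890abcdef", "outbound": "abcdefabcdef1234"}
REMOTE = {"inbound": "ABCDEFABCDEF1234", "outbound": "1234567890ABCDEF"}
print(lint_tunnel("DES-CBC", LOCAL, REMOTE) or "keys consistent")
```

The two keys in the example on this page are 8 bytes each, so they fit DES-CBC only; run against any other algorithm in the matrix, the script reports a length error for every SA.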