H3C S6550X-HI Series Command Reference Manual page 2282

: Uses ESP.
esp
: Specifies a key in encrypted form.
cipher
: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form
simple
will be stored in encrypted form.
: Specifies the key. Its plaintext form is a case-insensitive hexadecimal string, which is 16
string
bytes for HMAC-MD5 and a 20 bytes for HMAC-SHA1. Its encrypted form is a case-sensitive string
of 1 to 85 characters.
Usage guidelines
This command applies only to manual IPsec policies and IPsec profiles.
You must set an authentication key for both the inbound and outbound SAs.
The local inbound SA must use the same authentication key as the remote outbound SA, and the
local outbound SA must use the same authentication key as the remote inbound SA.
In an IPsec profile to be applied to an IPv6 routing protocol, the local authentication keys of the
inbound and outbound SAs must be identical.
The keys for the IPsec SAs at the two tunnel ends must be input in the same format (either in
hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.
If you execute this command multiple times for the same protocol and direction, the most recent
configuration takes effect.
Examples
# Configure
0xaabbccddeeff001100aabbccddeeff00 for the inbound and outbound SAs that use AH.
<Sysname> system-view
[ ]
Sysname
[
Sysname-ipsec-policy-manual-policy1-100
112233445566778899aabbccddeeff00
[
Sysname-ipsec-policy-manual-policy1-100
aabbccddeeff001100aabbccddeeff00
Related commands
display ipsec sa
sa string-key
sa hex-key encryption
Use
sa encryption-hex
Use
undo sa encryption-hex
Syntax
sa hex-key encryption { inbound | outbound } esp { cipher | simple } string
undo sa hex-key encryption { inbound | outbound } esp
Default
No hexadecimal encryption key is configured for manual IPsec SAs.
Views
IPsec policy view
IPsec profile view
plaintext authentication
ipsec policy policy1 100 manual
configure a hexadecimal encryption key for manual IPsec SAs.
keys 0x112233445566778899aabbccddeeff00
]
sa hex-key authentication inbound ah simple
]
sa hex-key authentication outbound ah simple
remove the hexadecimal encryption key.
57
and