Table of Contents
Advertisement
Predefined user roles
network-admin
Parameters
: Specifies a hexadecimal encryption key for the inbound SA.
inbound
: Specifies a hexadecimal encryption key for the outbound SA.
outbound
: Uses ESP.
esp
: Specifies a key in encrypted form.
cipher
: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form
simple
will be stored in encrypted form.
: Specifies the key. Its encrypted form is a case-sensitive string of 1 to 117 characters. Its
string
plaintext form is a case-insensitive hexadecimal string and the key length varies by algorithm.
The following matrix shows the key length for the algorithms:
Algorithm
DES-CBC
3DES-CBC
AES128-CBC
AES192-CBC
AES256-CBC
Usage guidelines
This command applies only to manual IPsec policies and IPsec profiles.
You must set an encryption key for both the inbound and outbound SAs.
The local inbound SA must use the same encryption key as the remote outbound SA, and the local
outbound SA must use the same encryption key as the remote inbound SA.
In an IPsec profile to be applied to an IPv6 routing protocol, the local encryption keys of the inbound
and outbound SAs must be identical.
The keys for the IPsec SAs at the two tunnel ends must be configured in the same format (either in
hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.
If you execute this command multiple times for the same direction, the most recent configuration
takes effect.
Examples
# Configure plaintext encryption keys 0x1234567890abcdef and 0xabcdefabcdef1234 for the
inbound and outbound IPsec SAs that use ESP.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-policy-manual-policy1-100
1234567890abcdef
[
Sysname-ipsec-policy-manual-policy1-100
abcdefabcdef1234
Related commands
display ipsec sa
sa string-key
ipsec policy policy1 100 manual
Key length (bytes)
8
24
16
24
32
]
sa hex-key encryption inbound esp simple
]
sa hex-key encryption outbound esp simple
58
Advertisement
Chapters
Table of Contents
