Description
Related command:
Example
sa duration
Syntax
View
Parameter
Description
ah: Uses AH.
esp: Uses ESP.
hex-key: Authentication key for the SA, in hexadecimal format. The length of the
key is 16 bytes for MD5 and 20 bytes for SHA1.
Use the
sa authentication-hex
for an SA.
Use the
undo sa authentication-hex
Note that:
This command applies to only manual IPSec policies.
■
When configuring an IPSec policy, you need to set the parameters of both the
■
inbound and outbound SAs.
The authentication key for the inbound SA at the local end must be the same
■
as that for the outbound SA at the remote end, and the authentication key for
the outbound SA at the local end must be the same as that for the inbound SA
at the remote end.
Both ends of an IPSec tunnel must be configured with the same key in the
■
same format.
ipsec policy (system view).
# Configure the authentication keys of the inbound and outbound SAs using AH
as 0x112233445566778899aabbccddeeff00 and
0xaabbccddeeff001100aabbccddeeff00 respectively.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex inbound ah 1
12233445566778899aabbccddeeff00
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex outbound ah
aabbccddeeff001100aabbccddeeff00
sa duration { time-based seconds | traffic-based kilobytes }
undo sa duration { time-based | traffic-based }
IPSec policy view/IPSec policy template view
seconds: Time-based SA lifetime in seconds, in the range 180 to 604,800.
kilobytes: Traffic-based SA lifetime in kilobytes, in the range 256 to 4,194,303,.
Use the
command to set an SA lifetime for the IPSec policy.
sa duration
command to configure an authentication key
command to remove the configuration.
2145