Filter
Top Products
2145
ah: Uses AH.
esp: Uses ESP.
hex-key: Authentication key for the SA, in hexadecimal format. The length of the
key is 16 bytes for MD5 and 20 bytes for SHA1.
Description Use the sa authentication-hex command to configure an authentication key
for an SA.
Use the
undo sa authentication-hex command to remove the configuration.
Note that:
■ This command applies to only manual IPSec policies.
■ When configuring an IPSec policy, you need to set the parameters of both the
inbound and outbound SAs.
■ The authentication key for the inbound SA at the local end must be the same
as that for the outbound SA at the remote end, and the authentication key for
the outbound SA at the local end must be the same as that for the inbound SA
at the remote end.
■ Both ends of an IPSec tunnel must be configured with the same key in the
same format.
Related command: ipsec policy (system view).
Example # Configure the authentication keys of the inbound and outbound SAs using AH
as 0x112233445566778899aabbccddeeff00 and
0xaabbccddeeff001100aabbccddeeff00 respectively.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex inbound ah 1
12233445566778899aabbccddeeff00
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex outbound ah
aabbccddeeff001100aabbccddeeff00
sa duration
Syntax sa duration { time-based seconds | traffic-based kilobytes }
undo sa duration { time-based | traffic-based }
View IPSec policy view/IPSec policy template view
Parameter seconds: Time-based SA lifetime in seconds, in the range 180 to 604,800.
kilobytes: Traffic-based SA lifetime in kilobytes, in the range 256 to 4,194,303,.
Description Use the
sa duration command to set an SA lifetime for the IPSec policy.