Filter
Top Products
2147
Note that:
■ This command applies to only manual IPSec policies.
■ When configuring an IPSec policy, you need to set the parameters of both the
inbound and outbound SAs.
■ The encryption key for the inbound SA at the local end must be the same as
that for the outbound SA at the remote end, and the encryption key for the
outbound SA at the local end must be the same as that for the inbound SA at
the remote end.
Related command: ipsec policy (system view).
Example # Configure the encryption key for the inbound and outbound SAs using ESP as
0x1234567890abcdef and 0xabcdefabcdef1234 respectively.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa encryption-hex inbound
esp 1234567890abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa encryption-hex outbound
esp abcdefabcdef1234
sa spi
Syntax sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
View IPSec policy view
Parameter inbound: Specifies the inbound SA through which IPSec processes the received
packets.
outbound: Specifies the outbound SA through which IPSec processes the packets
to be sent.
ah: Uses AH.
esp: Uses ESP.
spi-number: Security parameters index (SPI) in the SA triplet, in the range 256 to
4294967295.
Description Use the
sa spi command to set the SPI for SA.
Use the
undo sa spi command to remove the configuration.
Note that:
■ This command applies to only manual IPSec policies.