HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 279

Examples # Configure plaintext authentication keys 0x112233445566778899aabbccddeeff00 and 0xaabbccddeeff001100aabbccddeeff00 for the inbound and outbound SAs that use AH. system-view [Sysname] ipsec policy policy1 100 manual [Sysname-ipsec-policy-manual-policy1-100] sa hex-key authentication inbound ah simple 112233445566778899aabbccddeeff00 [Sysname-ipsec-policy-manual-policy1-100] sa hex-key authentication outbound ah simple aabbccddeeff001100aabbccddeeff00 Related commands • display ipsec sa • sa string-key sa hex-key encryption Use sa encryption-hex to configure a hexadecimal encryption key for manual IPsec SAs. Use undo sa encryption-hex to remove the hexadecimal encryption key. Syntax sa hex-key encryption { inbound | outbound } esp { cipher | simple } key-value undo sa hex-key encryption { inbound | outbound } esp Default No encryption key is configured for manual IPsec SAs. Views IPsec policy view, IPsec profile view Predefined user roles network-admin Parameters inbound: Specifies a hexadecimal encryption key for inbound SAs. outbound: Specifies a hexadecimal encryption key for outbound SAs. esp: Uses ESP. cipher key-value: Sets a ciphertext encryption key, a case-sensitive string of 1 to 117 characters. simple key-value: Sets a plaintext encryption key. The key-value argument is case insensitive and must be an 8-byte hexadecimal string for DES-CBC, a 24-byte hexadecimal string for 3DES-CBC, a 16-byte hexadecimal string for AES128-CBC, a 24-byte hexadecimal string for AES192-CBC, and a 32-byte hexadecimal string for AES256-CBC. Usage guidelines This command applies to only manual IPsec policies and IPsec profiles. You must set an encryption key for both the inbound and outbound SAs. The local inbound SA must use the same encryption key as the remote outbound SA, and the local outbound SA must use the same encryption key as the remote inbound SA. 270