HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 280

If you configure a key in different formats (hexadecimal or character format), only the most recent configuration takes effect. The keys for the IPsec SAs at the two tunnel ends must be configured in the same format (either in hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel. For security purposes, all keys, including keys configured in plain text, are saved in cipher text. Examples # Configure plaintext encryption keys 0x1234567890abcdef and 0xabcdefabcdef1234 for the inbound and outbound IPsec SAs that use ESP. system-view [Sysname] ipsec policy policy1 100 manual [Sysname-ipsec-policy-manual-policy1-100] sa hex-key encryption inbound esp simple 1234567890abcdef [Sysname-ipsec-policy-manual-policy1-100] sa hex-key encryption outbound esp simple abcdefabcdef1234 Related commands • display ipsec sa • sa string-key sa idle-time Use sa idle-time to set the IPsec SA idle timeout for an IPsec policy or IPsec policy template. If no traffic matches an IPsec SA within the idle timeout interval, the IPsec SA is deleted. Use undo sa idle-time to restore the default. Syntax sa idle-time seconds undo sa idle-time Default An IPsec policy or IPsec policy template uses the global IPsec SA idle timeout. Views IPsec policy view, IPsec policy template view Predefined user roles network-admin Parameters seconds: Specifies the IPsec SA idle timeout, in the range of 60 to 86400 seconds. Usage guidelines This function applies only to IPsec SAs negotiated by IKE and takes effect when the ipsec sa idle-time command has been configured. The IPsec SA idle timeout configured in IPsec policy view or IPsec policy template view takes precedence over the global IPsec SA timeout configured by the ipsec sa idle-time command. Examples # Set the IPsec SA idle timeout to 600 seconds for the IPsec policy. 271