HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 282

Related commands display ipsec sa sa string-key Use sa string-key to set a key string (a key in character format) for manual IPsec SAs. Use undo sa string-key to remove the key string. Syntax sa string-key { inbound | outbound } { ah | esp } [ cipher | simple ] string-key undo sa string-key { inbound | outbound } { ah | esp } Default No key string is configured for IPsec SAs. Views IPsec policy view, IPsec profile view Predefined user roles network-admin Parameters inbound: Sets a key string for inbound IPsec SAs. outbound: Sets a key string for outbound IPsec SAs. ah: Uses AH. esp: Uses ESP. cipher: Sets a ciphertext key. simple: Sets a plaintext key. key-value: Specifies a case-sensitive key string. If cipher is specified, it must be a string of 1 to 373 characters. If simple is specified, it must be a string of 1 to 255 characters. Using this key string, the system automatically generates keys that meet the algorithm requirements. When the protocol is ESP, the system generates the keys for the authentication algorithm and encryption algorithm respectively. Usage guidelines This command applies to only manual IPsec policies and IPsec profiles. You must set a key for both inbound and outbound SAs. The local inbound SA must use the same key as the remote outbound SA, and the local outbound SA must use the same key as the remote inbound SA. If you configure a key in different formats, only the most recent configuration takes effect. The keys for the IPsec SAs at the two tunnel ends must be input in the same format (either in hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel. For security purposes, all keys, including keys configured in plain text, are saved in cipher text. Examples # Configure the inbound and outbound SAs that use AH to use the plaintext keys abcdef and efcdab, respectively. 273