HP VPN Firewall Appliances VPN Command Reference
95
Examples
# Set the tag value to 50 for the static routes created by IPsec RRI.
<Sysname>system-view
[Sysname] ipsec policy 1 1 isakmp
[Sysname-ipsec-policy-isakmp-1-1] reverse-route tag 50
Related commands
reverse-route
sa authentication-hex
Use sa authentication-hex to configure an authentication key for an SA.
Use undo sa authentication-hex to remove the configuration.
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } [ cipher string-key | simple hex-key ]
undo sa authentication-hex { inbound | outbound } { ah | esp }
Views
IPsec policy view
Default command level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
cipher string-key: Sets a ciphertext authentication key. The string-key argument is a case-sensitive
ciphertext string of 1 to 117 characters.
simple hex-key: Sets a plaintext authentication key. The hex-key argument is case insensitive and must be
a 16-byte hexadecimal string for MD5, or a 20-byte hexadecimal string for SHA1.
Usage guidelines
If neither cipher nor simple is specified, you set a plaintext authentication key string.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
This command applies to only manual IPsec policies.
When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound
SAs.
The authentication key for the inbound SA at the local end must be the same as that for the outbound SA
at the remote end, and the authentication key for the outbound SA at the local end must be the same as
that for the inbound SA at the remote end.
With an IPsec policy for an IPv6 routing protocol, the local SPI of the inbound SA and that of the
outbound SA must be identical.