HP VPN Firewall Appliances VPN Command Reference
97
• ipsec policy (system view)
• ipsec profile (system view)
Examples
# Set the SA lifetime for IPsec policy1 to 7200 seconds (2 hours).
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime for IPsec policy policy1 to 20480 kilobytes (20 Mbytes).
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
# Set the SA lifetime for IPsec profile profile1 to 7200 seconds (2 hours).
<Sysname> system-view
[Sysname] ipsec profile profile1
[Sysname-ipsec-profile-profile1] sa duration time-based 7200
# Set the SA lifetime for IPsec profile profile1 to 20480 kilobytes (20 Mbytes).
<Sysname> system-view
[Sysname] ipsec profile profile1
[Sysname-ipsec-profile-profile1] sa duration traffic-based 20480
sa encryption-hex
Use sa encryption-hex to configure an encryption key for an SA.
Use undo sa encryption-hex to remove the configuration.
Syntax
sa encryption-hex { inbound | outbound } esp [ cipher string-key | simple hex-key ]
undo sa encryption-hex { inbound | outbound } esp
Views
IPsec policy view
Default command level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
esp: Uses ESP.
cipher string-key: Sets a ciphertext encryption key. The string-key argument is case sensitive and must be
a ciphertext string of 1 to 117 characters.
simple hex-key: Sets a plaintext encryption key. The hex-key argument is case insensitive, and must be an
8-byte hexadecimal string for DES-CBC, a 16-byte hexadecimal string for AES128-CBC, or a 24-byte
hexadecimal string for 3DES-CBC and AES192-CBC.