Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 3000 Router Series
1151115211531154115511561157115811591160
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-25
5.1.20 sa authentication-hex
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
undo sa authentication-hex { inbound | outbound } { ah | esp }
View
Manually-established IPSec policy view
Parameter
inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).
outbound: Configures the authentication-hex parameter for the outbound SA. IPSec
uses the outbound SA for processing the packet in the outbound direction (sent).
ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec proposal
used by the ipsec policy adopts AH, the ah key word is used here to set the AH relevant
parameter of the SA.
esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set the
ESP relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then input a
16-byte key; if SHA1 is used, input a 20-byte key.
Description
Use the sa authentication-hex command to set the SA authentication key manually
for the ipsec policy of manual mode.
Use the undo sa authentication-hex command to delete the SA authentication key
already set.
This command is only used for the ipsec policy in manual mode.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching. The
SPI and key for the SA input at the local end must be the same as those output at the
remote. The SA SPI and key output at the local end must be the same as those input at
the remote.
There are two ways of inputting a key: hex and character string. To input a character
string for a key, you must use the sa string-key command. If two keys, input in different