Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-26
ways, are available, the one specified the last takes effect. At both ends of a security
tunnel, the key should be input in the same way. If the key is input in character string at
one end, and it is input in hex at the other end, then a security tunnel cannot be set up
correctly.
Related command: ipsec policy (system view), ipsec policy (interface view),
security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set SPI of the inbound SA to 10000, key to 0x112233445566778899aabbccddeeff00;
set the SPI of the outbound SA to 20000, and its key to
0xaabbccddeeff001100aabbccddeeff00 in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex inbound ah
112233445566778899aabbccddeeff00
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex outbound ah
aabbccddeeff001100aabbccddeeff00
5.1.21 sa duration
Syntax
sa duration { traffic-based kilobytes | time-based seconds }
undo sa duration { traffic-based | time-based }
View
IPSec policy view, IPSec policy template view
Parameter
time-based seconds: Time-based SA duration in second, ranging 30 to 604800
seconds. It is 3600 seconds (1 hour) by default.
traffic-based kilobytes: Traffic-based SA duration in kilobyte, ranging 256 to 4194303
kilobytes. It is 1843200 kilobytes by default.
Description
Use the sa duration command to set a SA duration of the ipsec policy.