Command Reference Guide
3Com Router 3000 Ethernet Family
Chapter 5 IPSec Configuration Commands
3Com Corporation
Parameter
inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA to process packets in the inbound direction (received).
outbound: Sets the encryption-hex parameter for the outbound SA. IPSec uses the
outbound SA to process packets in the outbound direction (sent).
esp: Sets the encryption-hex parameter for an SA that uses ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp keyword is used here to set the
ESP-related parameter of the SA.
hex-key: Specifies the key for the SA, entered in hexadecimal format. When used with ESP,
enter an 8-byte key if DES is used, or a 24-byte key if 3DES is used.
Description
Use the sa encryption-hex command to manually set the SA encryption key for an
ipsec policy in manual mode.
Use the undo sa encryption-hex command to delete an SA parameter that has already been set.
This command applies only to an ipsec policy in manual mode, where it is used to set the
SA parameter and establish an SA manually.
For an ipsec policy in isakmp mode, the SA parameter does not need to be set
manually and this command is invalid. IKE automatically negotiates the SA
parameter and establishes the SA.
When configuring an SA in manual mode, the SA parameters for the inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must match exactly. The
SPI and key of the inbound SA at the local end must be the same as those of the
outbound SA at the remote end. The SPI and key of the outbound SA at the local end
must be the same as those of the inbound SA at the remote end.
Related commands: ipsec policy (system view), ipsec policy (interface view), security
acl, tunnel local, tunnel remote, sa duration, and proposal.
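The rules in the Parameter and Description text (key length per cipher, separate inbound and outbound SAs, mirrored SPI and key at the two ends) can be checked offline before the values are typed into either router. The Python check below is an added example, not part of the 3Com guide; ManualSA, check_end and check_tunnel are hypothetical names, the local values are those of the Example section, and both remote ends are constructed.

```python
from dataclasses import dataclass

KEY_BYTES = {"des": 8, "3des": 24}  # ESP key sizes stated in the hex-key parameter text

@dataclass(frozen=True)
class ManualSA:          # hypothetical container, not a router data structure
    spi: int
    hex_key: str         # key as typed, with or without a leading 0x

def norm(hex_key):
    text = hex_key.strip().lower()
    return text[2:] if text.startswith("0x") else text

def check_end(name, algorithm, sas):
    """Findings for one router: both directions present, key length fits the cipher."""
    findings = []
    for direction in ("inbound", "outbound"):
        sa = sas.get(direction)
        if sa is None:
            findings.append(f"{name}: {direction} SA not set")
            continue
        try:
            size = len(bytes.fromhex(norm(sa.hex_key)))
        except ValueError:
            findings.append(f"{name}: {direction} key is not valid hex")
            continue
        if size != KEY_BYTES[algorithm]:
            findings.append(f"{name}: {direction} key is {size} bytes, {algorithm} needs {KEY_BYTES[algorithm]}")
    return findings

def check_tunnel(algorithm, local, remote):
    """Per-end checks plus the mirror rule: local inbound == remote outbound and vice versa."""
    findings = check_end("local", algorithm, local) + check_end("remote", algorithm, remote)
    for mine, theirs in (("inbound", "outbound"), ("outbound", "inbound")):
        a, b = local.get(mine), remote.get(theirs)
        if a is None or b is None:
            continue
        if a.spi != b.spi:
            findings.append(f"local {mine} SPI {a.spi} != remote {theirs} SPI {b.spi}")
        if norm(a.hex_key) != norm(b.hex_key):
            # Report the mismatch without echoing key material into logs.
            findings.append(f"local {mine} key differs from remote {theirs} key")
    return findings

# Local values are the ones in this page's example; both remote ends are constructed.
LOCAL = {"inbound": ManualSA(1001, "0x1234567890abcdef"),
         "outbound": ManualSA(2001, "0xabcdefabcdef1234")}
REMOTE_OK = {"inbound": ManualSA(2001, "ABCDEFABCDEF1234"),
             "outbound": ManualSA(1001, "1234567890abcdef")}
REMOTE_BAD = {"inbound": ManualSA(2002, "abcdefabcdef12"),
              "outbound": ManualSA(1001, "1234567890abcdef")}
```

Calling check_tunnel("des", LOCAL, REMOTE_BAD) returns one finding per problem; an empty list means the two ends satisfy the rules stated above.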
Example
# Set the SPI of the inbound SA to 1001, and the key to 0x1234567890abcdef; set the
SPI of the outbound SA to 2001, and its key to 0xabcdefabcdef1234 in the ipsec policy
using ESP and DES.
[3Com] ipsec proposal prop_esp
[3Com-ipsec-proposal-prop_esp] transform esp
[3Com-ipsec-proposal-prop_esp] esp encryption-algorithm des
[3Com-ipsec-proposal-prop_esp] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_esp










