Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 3000 Router Series
1151115211531154115511561157115811591160
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-30
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching. The
SPI and key for the SA input at the local end must be the same as those output at the
remote. The SA SPI and key output at the local end must be the same as those input at
the remote.
Related command: ipsec policy(system view), ipsec policy(interface view), security
acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to 20000, in
the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
5.1.24 sa string-key
Syntax
sa string-key { inbound | outbound } { ah | esp } string-key
undo sa string-key { inbound | outbound } { ah | esp }
View
Manually-established IPSec policy view
Parameter
inbound: Sets the string-key parameter for the inbound SA. IPSec uses the inbound
SA for processing the packet in the inbound direction (received).
outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set used
by the ipsec policy adopts AH, the ah key word is used here to set the string-key
relevant parameter of the SA.
esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.