Command Reference Guide

3Com Router 3000 Ethernet Family
Chapter 5 IPSec Configuration Commands
3Com Corporation
string-key: Specifies the key for an SA, entered in character string format, with a length
ranging from 1 to 256 characters. For different algorithms, you can input a character
string of any length in the specified range, and the system will automatically generate
keys meeting the algorithm requirements from the input character string. For
ESP, the system will automatically generate the key for the authentication algorithm
and the key for the encryption algorithm at the same time.
Description
Use the sa string-key command to set the SA parameter manually for an ipsec policy
in manual mode.
Use the undo sa string-key command to delete the SA parameter already set.
This command is only used for an ipsec policy in manual mode. It is used to set the SA
parameter manually and establish an SA manually.
For an ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
When configuring an SA in manual mode, the SA parameters of the inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must match exactly. The
SPI and key of the inbound SA at the local end must be the same as those of the
outbound SA at the remote end. The SPI and key of the outbound SA at the local end
must be the same as those of the inbound SA at the remote end.
There are two methods for inputting the key: hex and character string. To input a
hexadecimal key, use the sa authentication-hex command. If both a character string
key and a hex string key are set, the one set last will be adopted. At both ends of a
security tunnel, the key should be input by the same method. If the key is input as a
character string at one end and in hex at the other end, the security tunnel cannot be
set up correctly.
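The following check is an added example, not part of the 3Com guide: it compares the manual-mode SA lines of two tunnel ends against the rules above (local inbound must equal remote outbound and vice versa, with the same key input method at both ends). The line shape "sa <kind> <direction> <protocol> <value>" and the function names are assumptions of this example; the sample configurations are constructed.

```python
import re

# Assumed line shape (not shown on this page): sa <kind> <direction> <protocol> <value>,
# optionally preceded by a "[...]" prompt.
SA_LINE = re.compile(r"^\s*(?:\[[^\]]*\]\s*)?sa\s+(spi|string-key|authentication-hex)"
                     r"\s+(inbound|outbound)\s+(ah|esp)\s+(\S+)\s*$")
MIRROR = {"inbound": "outbound", "outbound": "inbound"}

def parse_manual_sa(text):
    """Map (direction, protocol) -> {'spi', 'key', 'method'} for one tunnel end."""
    sas = {}
    for line in text.splitlines():
        m = SA_LINE.match(line)
        if m:
            kind, direction, proto, value = m.groups()
            entry = sas.setdefault((direction, proto), {})
            if kind == "spi":
                entry["spi"] = int(value)
            else:  # the key set last replaces any earlier one
                entry["key"], entry["method"] = value, kind
    return sas

def check_tunnel(local_text, remote_text):
    """Return mirror-rule violations; messages never include key material."""
    local, remote = parse_manual_sa(local_text), parse_manual_sa(remote_text)
    problems = []
    for proto in sorted({p for _, p in list(local) + list(remote)}):
        for direction in ("inbound", "outbound"):
            sa = local.get((direction, proto))
            peer = remote.get((MIRROR[direction], proto))
            where = f"{proto}: local {direction} vs remote {MIRROR[direction]}"
            if sa is None or peer is None:
                problems.append(f"{where}: SA missing at one end")
                continue
            if sa.get("spi") != peer.get("spi"):
                problems.append(f"{where}: SPI differs")
            if sa.get("method") != peer.get("method"):
                problems.append(f"{where}: key input method differs")
            elif sa.get("key") != peer.get("key"):
                problems.append(f"{where}: key differs")
    return problems

# Constructed sample input; SPI and key strings are the ones used in this page's example.
LOCAL = ("sa spi inbound ah 10000\nsa string-key inbound ah abcdef\n"
         "sa spi outbound ah 20000\nsa string-key outbound ah efcdab")
REMOTE_OK = ("sa spi inbound ah 20000\nsa string-key inbound ah efcdab\n"
             "sa spi outbound ah 10000\nsa string-key outbound ah abcdef")
REMOTE_HEX = REMOTE_OK.replace("string-key outbound ah abcdef",  # constructed hex value
    "authentication-hex outbound ah 00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    for name, remote in (("mirrored", REMOTE_OK), ("copied verbatim", LOCAL), ("hex at one end", REMOTE_HEX)):
        print(name, check_tunnel(LOCAL, remote) or "OK")
```

Pasting the local configuration unchanged onto the remote end is reported as four violations, because both SPIs and both keys end up in the wrong direction.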
Related command: ipsec policy (system view), ipsec policy (interface view), security
acl, tunnel local, tunnel remote, sa duration, proposal.
Example
# Set the SPI of the inbound SA to 10000 and its key string to abcdef; set the SPI of
the outbound SA to 20000 and its key string to efcdab in the ipsec policy using AH and
MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual