F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100
Use undo sa authentication-hex to remove the configuration.
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } [ cipher string-key | simple hex-key ]
undo sa authentication-hex { inbound | outbound } { ah | esp }
Views
IPsec policy view
Default command level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
cipher string-key: Sets a ciphertext authentication key. The string-key argument is a case-sensitive
ciphertext string of 1 to 117 characters.
simple hex-key: Sets a plaintext authentication key. The hex-key argument is case insensitive and must be
a 16-byte hexadecimal string for MD5, or a 20-byte hexadecimal string for SHA1.
If neither cipher nor simple is specified, you set a plaintext authentication key string.
For secrecy, all keys, including keys configured in plain text, are saved in cipher text.
Usage guidelines
This command applies only to manual IPsec policies.
When configuring a manual IPsec policy, you must set the parameters of both the inbound and outbound
SAs.
The authentication key for the inbound SA at the local end must be the same as that for the outbound SA
at the remote end, and the authentication key for the outbound SA at the local end must be the same as
that for the inbound SA at the remote end.
With an IPsec policy for an IPv6 routing protocol, the local SPI of the inbound SA and that of the
outbound SA must be identical.
At each end of an IPsec tunnel, the keys for the inbound and outbound SAs must be in the same format
(both in hexadecimal format or both in string format), and the keys must be specified in the same format
for both ends of the tunnel.
Examples
# Configure the authentication keys of the inbound and outbound SAs that use AH as
0x112233445566778899aabbccddeeff00 and 0xaabbccddeeff001100aabbccddeeff00 in plain text.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex inbound ah simple 112233445566778899aabbccddeeff00
[Sysname-ipsec-policy-manual-policy1-100] sa authentication-hex outbound ah simple aabbccddeeff001100aabbccddeeff00
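
The following is an added example, not part of the original command reference or of any HP tool: a pre-deployment check of the planned hex-key values for both ends of a manual policy against the length and inbound/outbound matching rules above. The function names and the dictionary layout are hypothetical, and it works on the plaintext values before they are entered, because saved keys are stored in cipher text.

```python
import hmac
import re

# Key lengths from the parameter description: 16 bytes for MD5, 20 bytes for SHA1.
KEY_BYTES = {"md5": 16, "sha1": 20}

def parse_hex_key(text, algorithm):
    """Decode a hex-key argument; raise ValueError if malformed or the wrong length."""
    cleaned = text.strip().lower()          # hex-key is case insensitive
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", cleaned):
        raise ValueError("not a whole number of hexadecimal bytes")
    key = bytes.fromhex(cleaned)
    if len(key) != KEY_BYTES[algorithm]:
        raise ValueError(f"{len(key)} bytes, {algorithm} needs {KEY_BYTES[algorithm]}")
    return key

def check_manual_sa_keys(local, remote, algorithm):
    """Return a list of problems; an empty list means both ends are consistent."""
    problems, keys = [], {}
    for end, plan in (("local", local), ("remote", remote)):
        for direction in ("inbound", "outbound"):
            try:
                keys[end, direction] = parse_hex_key(plan[direction], algorithm)
            except ValueError as err:
                # Report the position only; never echo key material.
                problems.append(f"{end} {direction}: {err}")
    # The inbound key at one end must equal the outbound key at the other end.
    for a, b in ((("local", "inbound"), ("remote", "outbound")),
                 (("local", "outbound"), ("remote", "inbound"))):
        if a in keys and b in keys and not hmac.compare_digest(keys[a], keys[b]):
            problems.append(f"{a[0]} {a[1]} does not match {b[0]} {b[1]}")
    return problems

# Constructed sample: the local keys are those in the example above; the
# remote end is assumed to mirror them (inbound and outbound swapped).
LOCAL = {"inbound": "112233445566778899aabbccddeeff00",
         "outbound": "aabbccddeeff001100aabbccddeeff00"}
REMOTE = {"inbound": "AABBCCDDEEFF001100AABBCCDDEEFF00",
          "outbound": "112233445566778899aabbccddeeff00"}

if __name__ == "__main__":
    for line in check_manual_sa_keys(LOCAL, REMOTE, "md5") or ["consistent"]:
        print(line)
```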