R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
99
Use undo reverse-route tag to restore the default.
By default, the tag value is 0 for the static routes created by IPsec RRI.
This command makes sense only when used together with the reverse-route command.
When you change the route tag, static IPsec RRI deletes all static routes it has created and creates new
static routes. In contrast, dynamic IPsec RRI applies the new route tag only to subsequent static routes. It
does not delete or modify static routes it has created.
For information about routing policies, see Network Management Configuration Guide.
Related commands: reverse-route.
Examples
# Set the tag value to 50 for the static routes created by IPsec RRI.
<Sysname>system-view
[Sysname] ipsec policy 1 1 isakmp
[Sysname-ipsec-policy-isakmp-1-1] reverse-route tag 50
sa authentication-hex
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
undo sa authentication-hex { inbound | outbound } { ah | esp }
View
IPsec policy view
Default level
2: System level
Parameters
inbound: Specifies the inbound SA through which IPsec processes the received packets.
outbound: Specifies the outbound SA through which IPsec processes the packets to be sent.
ah: Uses AH.
esp: Uses ESP.
hex-key: Authentication key for the SA, in hexadecimal format. The length of the key is 16 bytes for MD5
and 20 bytes for SHA1.
Description
Use sa authentication-hex to configure an authentication key for an SA.
Use undo sa authentication-hex to remove the configuration.
This command applies to only manual IPsec policies.
When you configure a manual IPsec policy, you must set the parameters of both the inbound and
outbound SAs.
The authentication key for the inbound SA at the local end must be the same as that for the outbound SA
at the remote end, and the authentication key for the outbound SA at the local end must be the same as
that for the inbound SA at the remote end.