cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key. Its encrypted form is a case-sensitive string of 1 to 117 characters. Its plaintext form is a case-insensitive hexadecimal string and the key length varies by algorithm.
The following matrix shows the key length for the algorithms:
Algorithm      Key length (bytes)
DES-CBC        8
3DES-CBC       24
AES128-CBC     16
AES192-CBC     24
AES256-CBC     32
Usage guidelines
This command applies only to manual IPsec policies and IPsec profiles.
You must set an encryption key for both the inbound and outbound SAs.
The local inbound SA must use the same encryption key as the remote outbound SA, and the local
outbound SA must use the same encryption key as the remote inbound SA.
In an IPsec profile to be applied to an IPv6 routing protocol, the local encryption keys of the inbound
and outbound SAs must be identical.
The keys for the IPsec SAs at the two tunnel ends must be configured in the same format (either in
hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.
If you execute this command multiple times for the same direction, the most recent configuration
takes effect.
Examples
# Configure plaintext encryption keys 0x1234567890abcdef and 0xabcdefabcdef1234 for the inbound and outbound IPsec SAs that use ESP.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa hex-key encryption inbound esp simple 1234567890abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa hex-key encryption outbound esp simple abcdefabcdef1234
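The key-length table and the inbound/outbound matching rule in the usage guidelines can be checked offline before a manual policy is entered on both tunnel ends. The Python sketch below is an added example, not part of the manual or the device software; the function names and the device B configuration are constructed for illustration, and it handles only the simple (plaintext hexadecimal) form under ESP.

```python
import re

# Key length in bytes per algorithm, taken from the table on this page.
KEY_BYTES = {"DES-CBC": 8, "3DES-CBC": 24, "AES128-CBC": 16,
             "AES192-CBC": 24, "AES256-CBC": 32}

# Matches the plaintext form used in the page's example (key may wrap to the next line).
LINE = re.compile(r"sa hex-key encryption (inbound|outbound) esp simple\s+(\S+)")

def parse_keys(config):
    """Return {direction: key bytes}; the most recent line per direction wins."""
    keys = {}
    for direction, text in LINE.findall(config):
        try:
            keys[direction] = bytes.fromhex(text)  # hex digits are case-insensitive
        except ValueError:
            raise ValueError(f"{direction} key is not a hexadecimal string") from None
    return keys

def check_pair(local_cfg, remote_cfg, algorithm):
    """List problems in a manual SA key pair; messages never echo key material."""
    want = KEY_BYTES[algorithm]
    local, remote = parse_keys(local_cfg), parse_keys(remote_cfg)
    problems = []
    for name, keys in (("local", local), ("remote", remote)):
        for direction in ("inbound", "outbound"):
            if direction not in keys:
                problems.append(f"{name} {direction}: no key set")
            elif len(keys[direction]) != want:
                problems.append(f"{name} {direction}: {len(keys[direction])} bytes, "
                                f"{algorithm} needs {want}")
    for mine, theirs in (("inbound", "outbound"), ("outbound", "inbound")):
        if mine in local and theirs in remote and local[mine] != remote[theirs]:
            problems.append(f"local {mine} differs from remote {theirs}")
    return problems

# Constructed sample: device A repeats the page's example, device B mirrors it.
DEVICE_A = """
sa hex-key encryption inbound esp simple 1234567890abcdef
sa hex-key encryption outbound esp simple abcdefabcdef1234
"""
DEVICE_B = """
sa hex-key encryption inbound esp simple ABCDEFABCDEF1234
sa hex-key encryption outbound esp simple 1234567890abcdef
"""

if __name__ == "__main__":
    print(check_pair(DEVICE_A, DEVICE_B, "DES-CBC"))     # mirrored 8-byte keys
    print(check_pair(DEVICE_A, DEVICE_B, "AES128-CBC"))  # same keys, wrong length
```

The 16-digit keys in the page's example are 8 bytes long, which matches only the DES-CBC row of the table.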
Related commands
display ipsec sa
sa string-key
sa idle-time
Use sa idle-time to set the IPsec SA idle timeout. If no traffic matches an IPsec SA within the idle timeout interval, the IPsec SA is deleted.
Use undo sa idle-time to restore the default.