Command Reference Guide
266 ● sa encryption-hex 3Com Router 5000 Family and Router 6000 Family
Command Reference
sa encryption-hex
Purpose Use the sa encryption-hex command to set the SA encryption key manually for
the ipsec policy of manual mode.
Use the undo sa encryption-hex command to delete the SA parameter already
set.
Syntax sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
Parameters inbound
Sets the encryption-hex parameter for the inbound SA.
IPSec uses the inbound SA for processing the packet in
the inbound direction (received).
outbound
Sets the encryption-hex parameter for outbound SA.
IPSec uses the outbound SA for processing the packet
in the outbound direction (sent).
esp
Sets the encryption-hex parameter for the SA using
ESP. If the IPSec proposal used by the ipsec policy
adopts ESP, the esp key word is used here to set the
ESP relevant parameter of the SA.
hex-key
Specifies a key for the SA input in the hex format.
When applied in ESP, if DES is used, then input an
8-byte key; if 3DES is used, then input a 24-byte key.
Example Set the SPI of the inbound SA to 1001, and the key to 0x1234567890abcdef; set the
SPI of the outbound SA to 2001, and its key to 0xabcdefabcdef1234 in the ipsec
policy using ESP and DES.
[3Com] ipsec proposal prop_esp
[3Com-ipsec-proposal-prop_esp] transform esp
[3Com-ipsec-proposal-prop_esp] ah encryption-algorithm des
[3Com-ipsec-proposal-prop_esp] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_esp
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound esp 1001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex inbound esp
1234567890abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound esp 2001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex outbound esp
abcdefabcdef1234
View This command can be used in the following views:
■ Manually-Established IPSec Policy view