Command Reference Guide
270 ● sa string-key 3Com Router 5000 Family and Router 6000 Family
Command Reference
sa string-key
Purpose Use the sa string-key command to set the SA parameter manually for the ipsec
policy of manual mode.
Use the undo sa string-key command to delete the SA parameter already set.
Syntax sa string-key { inbound | outbound } { ah | esp } string-key
undo sa string-key { inbound | outbound } { ah | esp }
Parameters inbound
Sets the string-key parameter for the inbound SA.
IPSec uses the inbound SA for processing the packet in
the inbound direction (received).
outbound
Sets the string-key parameter for the outbound SA.
IPSec uses the outbound SA for processing the packet
in the outbound direction (sent).
ah
Sets the string-key parameter for the SA using AH. If
the IPSec proposal set used by the ipsec policy adopts
AH, the ah key word is used here to set the string-key
relevant parameter of the SA.
esp
Sets the string-key parameter for the SA using ESP. If
the IPSec proposal set used by the ipsec policy adopts
ESP, the esp key word is used here to set the string-key
relevant parameter of the SA.
string-key
Specifies the key for an SA input in the character string
format, with a length ranging 1 to 256 characters. For
different algorithms, you can input character strings of
any length in the specified range, and the system will
generate keys meeting the algorithm requirements
automatically according to the input character strings.
As for ESP, the system will automatically generate the
key for the authentication algorithm and that for the
encryption algorithm at the same time.
Example Set the SPI of the inbound SA to 10000, and the key string to abcdef; sets the SPI of
the outbound SA to 20000, and its key string to efcdab in the ipsec policy using AH
and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key efcdab