Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 5000 Router Series
2261226222632264226522662267226822692270
3Com Router 5000 Family and Router 6000 Family sa string-key 271
Command Reference
View This command can be used in the following views:
Manually-Established IPSec Policy view
Description This command is only used for the ipsec policy in manual mode. It is used to set the
SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately
The SA parameters set at both ends of the security tunnel must be fully matching. The
SPI and key for the SA input at the local end must be the same as those output at the
remote. The SA SPI and key output at the local end must be the same as those input
at the remote.
There are two methods for inputting the key: hex and character string. To input a
hexadecimal key, use the
sa authentication-hex command. For the character
string key and hex string key, the last set one will be adopted. At both ends of a
security tunnel, the key should be input by the same method. If the key is input in
character string at one end, and it is input in hex at the other end, then a security
tunnel cannot be set up correctly.
Related Commands ipsec policy (Interface view)
ipsec policy (System view)
proposal
sa duration
security acl
tunnel local
tunnel remote