Command Reference Guide
SROS Command Line Interface Reference Guide Crypto Map Manual Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 411
set session-key [inbound | outbound]
Use the set session-key command to define the encryption and authentication keys for this crypto map.
Variations of this command include the following:
set session-key inbound ah <SPI> <keyvalue>
set session-key inbound esp <SPI> authenticator <keyvalue>
set session-key inbound esp <SPI> cipher <keyvalue>
set session-key inbound esp <SPI> cipher <keyvalue> authenticator <keyvalue>
set session-key outbound ah <SPI> <keyvalue>
set session-key outbound esp <SPI> authenticator <keyvalue>
set session-key outbound esp <SPI> cipher <keyvalue>
set session-key outbound esp <SPI> cipher <keyvalue> authenticator <keyvalue>
Syntax Description
inbound Use this keyword to define encryption keys for inbound traffic.
outbound Use this keyword to define encryption keys for outbound traffic.
ah
<SPI>
Authentication header protocol.
esp
<SPI>
Encapsulating security payload protocol.
cipher
<keyvalue>
Specify encryption/decryption key.
authenticator Specify authentication key.
<keyvalue>
Default Values
There are no default settings for this command.
Command Modes
(config-crypto-map)# Crypto Map Manual Configuration Mode
Functional Notes
The inbound local SPI (security parameter index) must equal the outbound remote SPI. The outbound
local SPI must equal the inbound remote SPI. The key values are the hexadecimal representations of the
keys. They are not true ASCII strings. Therefore, a key of 3031323334353637 represents “01234567”.
See the following table for key length requirements.
Algorithm Minimum key length required
des 64-bits in length; 8 hexadecimal bytes
3des 192-bits in length; 24 hexadecimal bytes
AES-128-CBC 128-bits in length; 16 hexadecimal bytes