Configuring an IKE-based IPsec policy – H3C Technologies H3C S12500-X Series Switches User Manual

Step 7. Configure an SPI for the inbound or outbound IPsec SA.

Command:
  To configure an SPI for the inbound IPsec SA:
    sa spi inbound { ah | esp } spi-number
  To configure an SPI for the outbound IPsec SA:
    sa spi outbound { ah | esp } spi-number

Remarks:
  By default, no SPI is configured for the inbound or outbound IPsec SA.

Step 8. Configure keys for the IPsec SA.

Command:
  Configure an authentication key in hexadecimal format for AH:
    sa hex-key authentication { inbound | outbound } ah { cipher | simple } key-value
  Configure an authentication key in character format for AH:
    sa string-key { inbound | outbound } ah { cipher | simple } key-value
  Configure a key in character format for ESP:
    sa string-key { inbound | outbound } esp { cipher | simple } key-value
  Configure an authentication key in hexadecimal format for ESP:
    sa hex-key authentication { inbound | outbound } esp { cipher | simple } key-value
  Configure an encryption key in hexadecimal format for ESP:
    sa hex-key encryption { inbound | outbound } esp { cipher | simple } key-value

Remarks:
  By default, no keys are configured for the IPsec SA.
  • Configure keys correctly for the security protocol (AH, ESP, or both) you have specified in the IPsec transform set referenced by the IPsec policy.
  • If you configure a key in both the character and the hexadecimal formats, only the most recent configuration takes effect.
  • If you configure a key in character format for ESP, the device automatically generates an authentication key and an encryption key for ESP.
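
The remarks for step 8 (most recent key format takes effect; a character-format ESP key produces both ESP keys) can be checked offline against a saved manual-SA configuration. The Python below is an added example, not taken from the H3C manual. The function names, the `required` mapping (key kinds the referenced transform set needs), and the reading of "most recent configuration takes effect" as a format switch discarding the other format's keys for that direction and protocol are assumptions.

```python
import re

# Command forms from steps 7 and 8 above; key values are matched but never stored.
SPI = re.compile(r"sa spi (inbound|outbound) (ah|esp) (\d+)$")
HEX = re.compile(r"sa hex-key (authentication|encryption) (inbound|outbound) (ah|esp) (cipher|simple) \S+$")
STR = re.compile(r"sa string-key (inbound|outbound) (ah|esp) (cipher|simple) \S+$")

def _slot(sas, direction, proto):
    return sas.setdefault((direction, proto), {"spi": None, "format": None, "keys": set()})

def effective_sa(lines):
    """Replay commands in order and return the resulting state per (direction, protocol)."""
    sas = {}
    for raw in lines:
        line = " ".join(raw.split())
        if m := SPI.match(line):
            _slot(sas, m[1], m[2])["spi"] = int(m[3])
        elif m := HEX.match(line):
            s = _slot(sas, m[2], m[3])
            if s["format"] != "hex":  # assumption: a format switch drops the other format's keys
                s["format"], s["keys"] = "hex", set()
            s["keys"].add(m[1])
        elif m := STR.match(line):
            s = _slot(sas, m[1], m[2])
            # Per the remarks, a character-format ESP key yields both ESP keys.
            s["format"] = "string"
            s["keys"] = {"authentication", "encryption"} if m[2] == "esp" else {"authentication"}
    return sas

def audit(lines, required):
    """required maps protocol -> key kinds the referenced transform set needs."""
    sas, findings = effective_sa(lines), []
    for proto in sorted(required):
        for direction in ("inbound", "outbound"):
            s = sas.get((direction, proto), {"spi": None, "keys": set()})
            if s["spi"] is None:
                findings.append(f"{direction} {proto}: no SPI")
            findings += [f"{direction} {proto}: no {k} key" for k in sorted(required[proto] - s["keys"])]
    return findings

# Constructed sample; SPIs and key values are placeholders.
SAMPLE = """
sa spi inbound esp 12345
sa spi outbound esp 54321
sa string-key inbound esp simple EXAMPLE-KEY
sa string-key outbound esp simple EXAMPLE-KEY
sa hex-key authentication outbound esp simple 0123456789abcdef
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE, {"esp": {"authentication", "encryption"}}))
```

In the sample, the later hexadecimal authentication key replaces the character-format key for the outbound ESP SA, so under the stated assumption that SA is left without an encryption key.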

Configuring an IKE-based IPsec policy

In an IKE-based IPsec policy, the parameters are automatically negotiated through IKE.
To configure an IKE-based IPsec policy, configure its parameters directly in IPsec policy view.

Configuration restrictions and guidelines

The IPsec configurations at the two ends of an IPsec tunnel must meet the following requirements:

• The IPsec policies at the two tunnel ends must have IPsec transform sets that use the same security protocols, security algorithms, and encapsulation mode.

• The IPsec policies at the two tunnel ends must have the same IKE profile parameters.
