beautypg.com

H3C Technologies H3C S6300 Series Switches User Manual

Page 251

background image

236

The keys for the IPsec SAs at the two tunnel ends must be configured in the same format. For

example, if the key at one end is entered as a string of characters, the key on the other end must also
be entered as a string of characters.

To configure a manual IPsec profile:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a manual IPsec
profile and enter its view.

ipsec profile profile-name manual

By default, no IPsec profile exists.
The manual keyword is not needed
if you enter the view of an existing

IPsec profile.

3.

(Optional.) Configure a
description for the IPsec

profile.

description text

By default, no description is
configured.

4.

Reference an IPsec

transform set for the IPsec

profile.

transform-set transform-set-name

By default, no IPsec transform set is
referenced for an IPsec profile.
The referenced IPsec transform set

must use the transport mode.

5.

Configure an SPI for an

SA.

sa spi { inbound | outbound } { ah |
esp } spi-number

By default, no SPI is configured for
an SA.

6.

Configure keys for the

IPsec SA.

Configure an authentication key in

hexadecimal format for AH:
sa hex-key authentication

{ inbound | outbound } ah { cipher

| simple } key-value

Configure an authentication key in

character format for AH:

sa string-key { inbound |
outbound } ah { cipher | simple }

key-value

Configure a key in character

format for ESP:

sa string-key { inbound |

outbound } esp [ cipher | simple ]
key-value

Configure an authentication key in

hexadecimal format for ESP:
sa hex-key authentication

{ inbound | outbound } esp

{ cipher | simple } key-value

Configure an encryption key in

hexadecimal format for ESP:

sa hex-key encryption { inbound |
outbound } esp { cipher | simple }

key-value

By default, no keys are configured
for the IPsec SA.
Configure a key for the security

protocol (AH, ESP, or both) you
have specified.
If you configure a key in character
format for ESP, the device

automatically generates an
authentication key and an

encryption key for ESP.
If you configure a key in both the

character and hexadecimal
formats, only the most recent

configuration takes effect.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: