
Creating a Security Policy 571
Perform the following configurations in IPSec policy view.
1 Set SPI parameters for the security policy association
Table 643 Configure SPI Parameters of Security Policy Association
By default, no SPI value of inbound/outbound SA is set.
2 Set the key used by the security policy association
Table 644 Configure Key Used by Security Policy Association
By default, no key is used by any security policy.
Operation Command
Set SPI parameters of inbound SA of
AH/ESP protocol (applicable to IPSec
software and crypto card)
sa inbound {ah |esp} spi spi-number
Delete SPI parameters of inbound SA of
AH/ESP protocol (applicable to IPSec
software and crypto card)
undo sa inbound {ah |esp} spi
Set SPI parameters of outbound SA of
AH/ESP protocol (applicable to IPSec
software and crypto card)
sa outbound {ah |esp} spi spi-number
Delete SPI parameters of outbound SA of
AH/ESP protocol (applicable to IPSec
software and crypto card)
undo sa outbound {ah |esp} spi
Operation Command
Set authentication key of AH protocol
(input in hexadecimal mode) (applicable to
IPSec software and crypto card)
sa { inbound | outbound } ah
hex-key-string hex-key
Delete authentication key of AH protocol
(in hexadecimal mode) (applicable to IPSec
software and crypto card)
undo sa { inbound | outbound } ah
Set authentication key of AH protocol
(input in string mode) (applicable to IPSec
software and crypto card)
sa { inbound | outbound } { ah
string-key string-key
Delete authentication key of AH protocol
(character string) (applicable to IPSec
software and crypto card)
undo sa { inbound | outbound } ah
Configure authentication key of ESP
protocol (input in hexadecimal system)
(applicable to IPSec software and crypto
sa { inbound | outbound } esp
authentication-hex hex-key
Delete authentication key of ESP protocol
(applicable to IPSec software and crypto
undo sa { inbound | outbound } esp
Set ciphering key of ESP protocol (input in
hexadecimal system) (applicable to IPSec
software and crypto card)
sa { inbound | outbound } esp
encryption-hex hex-key
Delete ciphering key of ESP protocol
(applicable to IPSec software and crypto
undo sa { inbound | outbound } esp
Configure both ciphering and
authentication keys of ESP protocol (input
in string) (applicable to IPSec software and
crypto card)
sa { inbound | outbound } esp
string-key string-key
Delete the ciphering and authentication
keys of ESP protocol (applicable to IPSec
software and crypto card)
undo sa { inbound | outbound } esp