H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 367
353
•
The keys for the local and remote inbound and outbound SAs must be in the same format. For
example, if the local inbound SA uses a key in characters, the local outbound SA and remote
inbound and outbound SAs must use keys in characters.
To configure a manual IPsec policy:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create a manual IPsec
policy and enter its view.
ipsec policy policy-name seq-number
manual
By default, no IPsec policy exists.
3.
Assign an IPsec proposal
to the IPsec policy.
proposal proposal-name
By default, an IPsec policy
references no IPsec proposal.
A manual IPsec policy can
reference only one IPsec
proposal. To change an IPsec
proposal for an IPsec policy, you
must remove the reference first.
4.
Configure the local
address of the IPsec
tunnel
tunnel local ip-address
Not configured by default.
5.
Configure the remote
address of the IPsec
tunnel
tunnel remote ip-address
Not configured by default.
6.
Configure an SPI.
sa spi { inbound | outbound } { ah | esp }
spi-number
N/A
7.
Configure keys.
•
Configure an authentication key in
hexadecimal for AH:
sa authentication-hex { inbound |
outbound } ah hex-key
•
Configure an authentication key in
characters for AH:
sa string-key { inbound | outbound }
ah string-key
•
Configure a key in characters for ESP:
sa string-key { inbound | outbound }
esp string-key
•
Configure an authentication key in
hexadecimal for ESP:
sa authentication-hex { inbound |
outbound } esp hex-key
•
Configure an encryption key in
hexadecimal for ESP:
sa encryption-hex { inbound |
outbound } esp hex-key
Configure keys properly for the
security protocol (AH or ESP) you
have specified.
If you configure a key in
characters for ESP, the system
automatically generates an
authentication key and an
encryption key for ESP.
If you configure a key in two
modes: string and hexadecimal,
only the last configured one will
be used.
NOTE:
You cannot change the creation mode of an IPsec policy from manual to through IKE, or vice versa. To
create an IPsec policy that uses IKE, delete the manual IPsec policy, and then use IKE to configure an IPsec
policy.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000