< Home

sa encryption-hex (upgrade-compatible command)

Function

The sa encryption-hex command configures an encryption key for manual Security Association (SA) in hexadecimal format.

Format

sa encryption-hex { inbound | outbound } { ah | esp } plain hex-plain-key

Parameters

Parameter Description Value
inbound Specifies SA parameters for incoming packets. -
outbound Specifies SA parameters for outgoing packets. -
ah Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa encryption-hex command. -
esp Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa encryption-hex command. -
plain Indicates the plaintext used for authentication. -
hex-plain-key Specifies the plaintext key. The value is in hexadecimal notation.
  • If encryption algorithm Data Encryption Standard (DES) is used, the length of the key is 8 bytes.
  • If encryption algorithm Triple Data Encryption Standard (3DES) is used, the length of the key is 24 bytes.
  • If encryption algorithm Advanced Encryption Standard 128 (AES-128) is used, the length of the key is 16 bytes.
  • If encryption algorithm AES-192 is used, the length of the key is 24 bytes.
  • If encryption algorithm AES-256 is used, the length of the key is 32 bytes.
NOTE:

The DES and 3DES encryption algorithms have security risks; therefore, you are advised to use AES-128, AES-192 or AES-256 preferentially.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa encryption-hex command.

Parent Topic: VPN compatible command
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >