ipsec sa

Function

The ipsec sa command creates a Security Association (SA) and displays the SA view.

The undo ipsec sa command deletes an SA.

By default, no SA is created.

Format

ipsec sa sa-name

undo ipsec sa sa-name

Parameters

Parameter	Description	Value
sa-name	Specifies the name of an SA.	It is a string of 1 to 15 case-sensitive characters, spaces not supported. The characters can be letters or numbers, hyphens (-) not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Parameter

Description

Value

sa-name

Specifies the name of an SA.

It is a string of 1 to 15 case-sensitive characters, spaces not supported. The characters can be letters or numbers, hyphens (-) not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
ipsec	write

Usage Guidelines

Usage Scenario

IPsec uses an SA to ensure security during protocol packet transmission. When configuring IPsec, run the ipsec sa command to create an SA and configure SA parameters.

Follow-up Procedure

Run the proposal command to import a security proposal; run the sa spi command to configure the SPI; run the sa string-key, sa authentication-hex or sa encryption-hex command to configure the authentication key.

Precautions

An SA is unidirectional. Incoming protocol packets and outgoing protocol packets are processed by different SAs.

An SA can be configured with only one security protocol.

Example

# Create an SA.

<HUAWEI> system-view
[~HUAWEI] ipsec sa sa1