sa spi outbound esp

Function

The sa spi command configures the Security Parameter Index (SPI) for a Security Association (SA).

The undo sa spi command deletes the SPI from an SA.

By default, no SPI is configured.

Format

sa spi { outbound esp spi-number }

undo sa spi outbound esp

Parameters

Parameter | Description | Value
outbound | Specifies SA parameters for outgoing protocol packets. | -
esp | Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa spi command. | -
spi-number | Specifies the SPI. | The value is an integer ranging from 256 to 4294967295.

Views

IPsec SA view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
ipsec | write

Usage Guidelines

Usage Scenario

An SPI uniquely identifies an SA. When an SPI is configured for an SA, the SPI is carried in each protocol packet that is sent. The receiver checks the authenticity of the protocol packet based on the SPI. After the ipsec sa sa-name command is used to create an SA, run the sa spi command to configure the SPI.

Precautions

Set parameters for both inbound and outbound SAs.

The SPI for incoming protocol packets on the local end must be identical to the SPI for outgoing protocol packets on the peer end, and vice versa.

Example

# Set the SPI for the SA named sa1.
<HUAWEI> system-view
[~HUAWEI] ipsec sa sa1
[*HUAWEI-ipsec-sa-sa1] sa spi inbound esp 10000
[*HUAWEI-ipsec-sa-sa1] sa spi outbound esp 20000
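
The precautions above can be checked before a change is committed. The following script is an added example, not part of the original page or Huawei code: it parses the sa spi lines for both ends of a manually keyed SA and reports out-of-range or non-mirrored SPIs. The function names and the peer-end configuration text are assumptions constructed for illustration.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295  # value range stated in the parameter table

# Match "ipsec sa <name>" and "sa spi <direction> esp <n>", with or without a CLI prompt.
SA_LINE = re.compile(r"\bipsec sa (\S+)\s*$")
SPI_LINE = re.compile(r"\bsa spi (inbound|outbound) esp (\d+)\s*$")


def parse_spis(config_text):
    """Return {sa_name: {"inbound": int, "outbound": int}} from config text."""
    sas, current = {}, None
    for line in config_text.splitlines():
        m = SA_LINE.search(line)
        if m:
            current = sas.setdefault(m.group(1), {})
            continue
        m = SPI_LINE.search(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return sas


def check_pair(local, peer):
    """Return a list of problems for one SA's SPI settings on the two ends."""
    problems = []
    for end, spis in (("local", local), ("peer", peer)):
        for direction in ("inbound", "outbound"):
            value = spis.get(direction)
            if value is None:
                problems.append(f"{end}: {direction} SPI not configured")
            elif not SPI_MIN <= value <= SPI_MAX:
                problems.append(f"{end}: {direction} SPI {value} out of range")
    # Local inbound must equal peer outbound, and local outbound must equal peer inbound.
    for a, b in (("inbound", "outbound"), ("outbound", "inbound")):
        if a in local and b in peer and local[a] != peer[b]:
            problems.append(f"local {a} {local[a]} != peer {b} {peer[b]}")
    return problems


# Constructed sample input: local end as in the example above, peer end mirrored.
LOCAL = "ipsec sa sa1\n sa spi inbound esp 10000\n sa spi outbound esp 20000\n"
PEER_OK = "ipsec sa sa1\n sa spi inbound esp 20000\n sa spi outbound esp 10000\n"
PEER_BAD = "ipsec sa sa1\n sa spi inbound esp 10000\n sa spi outbound esp 100\n"

if __name__ == "__main__":
    for label, peer in (("mirrored", PEER_OK), ("not mirrored", PEER_BAD)):
        print(label, check_pair(parse_spis(LOCAL)["sa1"], parse_spis(peer)["sa1"]))
```
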
Copyright © Huawei Technologies Co., Ltd.