No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

AR500, AR510, and AR530 V200R007

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
sa spi

sa spi

Function

The sa spi command sets the Security Parameter Index (SPI) for the SAs.

The undo sa spi command cancels the configuration.

By default, no SPI is set for an SA.

Format

sa spi { inbound | outbound } { ah | esp } spi-number

undo sa spi { inbound | outbound } { ah | esp }

Parameters

Parameter

Description

Value

inbound

Indicates the inbound SA.

-

outbound

Indicates the outbound SA.

-

ah

Indicates that the SA uses the AH protocol. If the IPSec proposal referenced by the IPSec policy uses the AH protocol, use this keyword to set the SPI of the SA.

-

esp

Indicates that the SA uses the ESP protocol. If the IPSec proposal referenced by the IPSec policy uses the ESP protocol, use this keyword to set the SPI of the SA.

-

spi-number

Specifies the SPI of an SA.

The value is an integer that ranges from 256 to 4294967295.

Views

Manual IPSec policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The SPI identifies the binding between a data flow and an SA at the receive end.

When configuring an IPSec policy in manual mode, you must specify the SPIs of inbound and outbound SAs. The inbound SPI on the local end must be the same as the outbound SPI on the remote end. The outbound SPI on the local end must be the same as the inbound SPI on the remote end.

Precautions

The sa spi command applies to the IPSec policy that is used to establish an SA manually. You do not need to set the SPI of the SA established through IKE negotiation.

Example

# In an IPSec policy that uses the AH protocol and SHA-256 authentication algorithm, set the SPI of the inbound SA to 10000 and the SPI of the outbound SA to 20000.

<Huawei> system-view
[Huawei] ipsec proposal prop1
[Huawei-ipsec-proposal-prop1] transform ah
[Huawei-ipsec-proposal-prop1] ah authentication-algorithm sha2-256
[Huawei-ipsec-proposal-prop1] quit
[Huawei] ipsec policy policy1 100 manual
[Huawei-ipsec-policy-manual-policy1-100] proposal prop1
[Huawei-ipsec-policy-manual-policy1-100] sa spi inbound ah 10000
[Huawei-ipsec-policy-manual-policy1-100] sa spi outbound ah 20000
Translation
Download
Updated: 2019-02-18

Document ID: EDOC1000097293

Views: 36530

Downloads: 101

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next