3. After you configure the IPSec policy, you need to apply it to the interface to enforce
the security policies on that interface and save it to keep it in place after a reboot. To
accomplish this, enter:
© Copyright Lenovo 2016
inbound ESP cipher key
inbound ESP SPI
inbound ESP authenticator key The inbound ESP authenticator key code, in
outbound AH IPsec key
outbound AH IPsec SPI
outbound ESP cipher key
outbound ESP SPI
outbound ESP authenticator key
Note:
When configuring a manual policy ESP, the ESP authenticator key is optional.
If using third‐party switches, the IPsec manual policy session key must be of
fixed length as follows:
For AH key: SHA1 is 20 bytes; MD5 is 16 bytes
For ESP cipher key: 3DES is 24 bytes; AES‐cbc is 24 bytes; DES is 8 bytes
For ESP auth key: SHA1 is 20 bytes; MD5 is 16 bytes
RS G8264(configip)#interface ip <IP interface number, 1‐128>
RS G8264(configipif)#address <IPv6 address>
RS G8264(configipif)#ipsec manualpolicy <policy index, 1‐10>
RS G8264(configipif)#enable (enable the IP interface)
RS G8264#write (save the current configuration)
The inbound ESP key code, in hexadecimal
A number from 256‐4294967295
hexadecimal
The outbound AH key code, in hexadecimal
A number from 256‐4294967295
The outbound ESP key code, in hexadecimal
A number from 256‐4294967295
The outbound ESP authenticator key code, in
hexadecimal
Chapter 30: IPsec with IPv6
485