562Parametersinbound: Specifies a hexadecimal authentication key for inbound SAs.outbound: Specifies a hexadecimal authentication key for outbound SAs.ah: Uses AH.esp: Uses ESP.cipher: Specifies a key in encrypted form.simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext formwill be stored in encrypted form.string: Specifies the key. Its plaintext form is case insensitive and must be a 16-byte hexadecimalstring for HMAC-MD5, a 20-byte hexadecimal string for HMAC-SHA1, and a 32-byte hexadecimalstring for HMAC-SM3. Its encrypted form is a case-sensitive string of 1 to 85 characters.Usage guidelinesThis command applies only to manual IPsec policies and IPsec profiles.You must set an authentication key for both the inbound and outbound SAs.The local inbound SA must use the same authentication key as the remote outbound SA, and thelocal outbound SA must use the same authentication key as the remote inbound SA.In an IPsec profile to be applied to an IPv6 routing protocol, the local authentication keys of theinbound and outbound SAs must be identical.If you execute this command multiple times, the most recent configuration takes effect.The keys for the IPsec SAs at the two tunnel ends must be input in the same format (either inhexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.Examples# Configure plaintext authentication keys 0x112233445566778899aabbccddeeff00 and0xaabbccddeeff001100aabbccddeeff00 for the inbound and outbound SAs that use AH. system-view[Sysname] ipsec policy policy1 100 manual[Sysname-ipsec-policy-manual-policy1-100] sa hex-key authentication inbound ah simple112233445566778899aabbccddeeff00[Sysname-ipsec-policy-manual-policy1-100] sa hex-key authentication outbound ah simpleaabbccddeeff001100aabbccddeeff00Related commandsdisplay ipsec sasa string-keysa hex-key encryptionUse sa encryption-hex to configure a hexadecimal encryption key for manual IPsec SAs.Use undo sa encryption-hex to remove the hexadecimal encryption key.Syntaxsa hex-key encryption { inbound | outbound } esp { cipher | simple } stringundo sa hex-key encryption { inbound | outbound } espDefaultNo hexadecimal encryption key is configured for manual IPsec SAs.