Internet Protocol Security (IPsec) is an internet layer, end-to-end security scheme that provides for the securing of IP communications by authentication and encrypted authentication of each communication session IP packet. IPsec for OSPFv3 is configured on the interface. The IPsec for OSPFv3 implementation supports both authentication only and encrypted authentication. IPsec must first be enabled on the interface. Supported IPsec authentication algorithms are:
Supported IPsec encryption ciphers are:
Each IPsec configuration must have a Security Parameters Index (SPI) with a value between 256 - 4294967295 assigned to it and a security key. The key can be specified as a hex key.
IPsec must be enabled in global VRF router configuration mode using the crypto ipsec enable command before using IPsec for OSPFv3 authentication or encrypted authentication.
Configure IPsec for OSPFv3 on an interface for authentication only by specifying the SPI and authentication algorithm using the ipv6 ospf authentication command in interface configuration mode.
This example shows how to configure VLAN 1 for IPsec SPI entry 256 for MD5 authentication with a hex key of 1234567890abcdef:
System(rw-config)->crypto ipsec enable System(rw-config)->interface vlan 1 System(rw-config-intf-vlan.0.1)->ipv6 ospf authentication spi 256 md5 1234567890abcdef hex
Configure IPsec for OSPFv3 on an interface for encrypted authentication by specifying the SPI, authentication algorithm and encryption cipher using the ipv6 ospf encryption command in interface configuration mode.
This example shows how to configure VLAN 1 for IPsec SPI entry 256 for the 128-bit aescbc encryption with a key of 1234567890abcdef, and for MD5 authentication with a hex key of 1234567890abcdef:
System(rw-config)->crypto ipsec enable System(rw-config)->interface vlan 1 System(rw-config-intf-vlan.0.1)->ipv6 ospf encryption ipsec spi 256 esp aescbc 128 1234567890abcedf hex auth md5 1234567890abcdef hex