Configure IPsec for the OSPF Virtual Link
Use the following procedure to configure and enable IPsec for the OSPF virtual link.
IPsec is disabled by default.
Before you begin
- Configure the OSPF virtual link.
- Create the IPsec security association.
About this task
Until you enable IPsec on both sides of the virtual links, the links cannot exchange OSPFv3 control messages, and the system drops OSPFv3 exchange packets.
You must disable IPsec before you can perform virtual link policy configuration changes.
For configuration examples of IPsec used with OSPFv3 virtual link, see OSPFv3 virtual link IPsec configuration example.
Procedure
Example
```
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#router ospf
Switch:1(config-ospf)#ipv6 area virtual-link 1.1.1.1 2.2.2.2 ipsec
Switch:1(config-ospf)#ipv6 area virtual-link 1.1.1.1 2.2.2.2 ipsec action permit
Switch:1(config-ospf)#ipv6 area virtual-link 1.1.1.1 2.2.2.2 ipsec direction both
Switch:1(config-ospf)#ipv6 area virtual-link 1.1.1.1 2.2.2.2 ipsec security-association test1
Switch:1(config-ospf)#ipv6 area virtual-link 1.1.1.1 2.2.2.2 ipsec enable
```
Variable definitions
Use the data in the following table to use the ipv6 area virtual-link {A.B.C.D} {A.B.C.D} ipsec command.
| Variable | Value |
|---|---|
| `{A.B.C.D} {A.B.C.D}` | The first IP address specifies the area IP address, and the second IP address specifies the virtual-link IP address. |
| `action <drop\|permit>` | Configures the action of the IPsec policy under the OSPF virtual tunnel to one of the following: drop or permit. The default is permit. |
| `direction <both\|in\|out>` | Specifies the direction you want to protect with IPsec: both, in, or out. The default is both. |
| `enable` | Enables the IPsec policy under the OSPF virtual link. |
| `security-association WORD<0-32>` | Links the security association to the OSPF virtual link. |
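
The following Python script is an added example, not part of the vendor documentation. It audits saved configuration text from both ends of a virtual link for the conditions described above: a policy that is created but not enabled, no linked security association, a single protected direction, and IPsec enabled on one end only. It assumes the saved configuration contains the commands in the form shown in the Example and that each area has one virtual link between the two switches; the function names, the peer ID 3.3.3.3, and the sample configurations are constructed for illustration.

```python
import re

# Command form taken from the Example on this page (assumed to match saved config text).
CMD = re.compile(
    r"ipv6 area virtual-link (\S+) (\S+) ipsec"
    r"(?: (action|direction|security-association|enable)(?: (\S+))?)?$")

def parse_links(config_text):
    """Map (area, virtual_link) -> IPsec settings, starting from the documented defaults."""
    links = {}
    for line in config_text.splitlines():
        m = CMD.match(line.strip())
        if not m:
            continue
        area, vlink, option, value = m.groups()
        s = links.setdefault((area, vlink), {
            "action": "permit", "direction": "both",         # defaults from the table
            "security-association": None, "enable": False})  # IPsec is disabled by default
        if option == "enable":
            s["enable"] = True
        elif option:
            s[option] = value
    return links

def audit_end(name, config_text):
    """Findings for one switch: unlinked, one-directional, or not-enabled policies."""
    findings = []
    for (area, vlink), s in sorted(parse_links(config_text).items()):
        where = f"{name} area {area} virtual-link {vlink}"
        if s["security-association"] is None:
            findings.append(f"{where}: no security association linked")
        if s["direction"] != "both":
            findings.append(f"{where}: only direction '{s['direction']}' is protected")
        if not s["enable"]:
            findings.append(f"{where}: IPsec policy is not enabled")
    return findings

def audit_pair(name_a, cfg_a, name_b, cfg_b):
    """Per-end findings plus a finding for each area with IPsec enabled on one end only."""
    findings = audit_end(name_a, cfg_a) + audit_end(name_b, cfg_b)
    on_a = {area for (area, _), s in parse_links(cfg_a).items() if s["enable"]}
    on_b = {area for (area, _), s in parse_links(cfg_b).items() if s["enable"]}
    for area in sorted(on_a ^ on_b):
        findings.append(f"area {area}: IPsec enabled on one end only; OSPFv3 packets are dropped")
    return findings

# Constructed sample input: Switch A mirrors the Example; Switch B was never enabled.
OPTS = ("", " action permit", " direction both", " security-association test1", " enable")
SWITCH_A = "\n".join(f"ipv6 area virtual-link 1.1.1.1 2.2.2.2 ipsec{o}" for o in OPTS)
SWITCH_B = "\n".join(f"ipv6 area virtual-link 1.1.1.1 3.3.3.3 ipsec{o}" for o in OPTS[:4])
```

Calling `audit_pair("Switch A", SWITCH_A, "Switch B", SWITCH_B)` returns the list of findings; an empty list means both ends have an enabled policy with a linked security association covering both directions.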