Configure IPsec for the OSPF Virtual Link

Use the following procedure to configure and enable IPsec for the OSPF virtual link.

IPsec is disabled by default.

About this task

Until you enable IPsec on both sides of the virtual links, the links cannot exchange OSPFv3 control messages, and the system drops OSPFv3 exchange packets.

You must disable IPsec before you can perform virtual link policy configuration changes.

Before you begin

  • Configure the OSPF virtual link.

  • Create the IPsec security association.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Panel.
  2. Click IPSec.
  3. Click the OSPF Virtual Link tab.
  4. Click Insert.
  5. Specify the area ID.
  6. Specify the neighbor address.
  7. Complete the remaining optional configuration.
  8. Click Insert.

OSPF Virtual Link field descriptions

Use the data in the following table to complete the fields on the OSPF Virtual Link tab.

| Name | Description |
| --- | --- |
| AreaId | Identifies the OSPF virtual link area. |
| Neighbor | Identifies the OSPF virtual link neighbor. |
| SAName | Links the security association to the OSPF virtual link. |
| AdminStatus | Enables the policy. The default is disabled. |
| Action | Configures the action of the IPsec policy under the OSPF virtual tunnel to one of the following: permit (permits the IP packets) or drop (drops the IP packets). The default is permit. |
| Direction | Specifies the direction you want to protect with IPsec: inBound (ingress traffic), outBound (egress traffic), or bothDirections (both ingress and egress traffic). The default is bothDirections. |
| SrcAddress | Shows the address of the source interface to which the policy applies. |
| DstAddress | Shows the address of the destination interface to which the policy applies. |
| LinkID | Shows a unique ID for the OSPF virtual link. The default is 0. |
| IfIndex | Shows the interface index of the OSPF virtual link to which the policy applies. |
| OperStatus | Shows the operational status of the link, either up or down. The default is down. |
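
Because the link stays down until IPsec is enabled on both sides, it helps to compare the two endpoints' policy records before and after a change. The following is an added example, not vendor code: the dict layout, the RouterId key, and the assumption that Neighbor holds the peer's router ID are illustrative, while the other keys and defaults are the tab fields described above.

```python
# Added example: audit both ends of an OSPFv3 virtual link IPsec policy.
# Record layout and the "RouterId" key are assumptions for illustration;
# the remaining keys are the OSPF Virtual Link tab fields from this page.

def audit_virtual_link(end_a, end_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    # Both policies must describe the same virtual link area.
    if end_a["AreaId"] != end_b["AreaId"]:
        findings.append(f"AreaId mismatch: {end_a['AreaId']} vs {end_b['AreaId']}")
    for local, remote in ((end_a, end_b), (end_b, end_a)):
        name = local["RouterId"]
        # Assumption: Neighbor identifies the peer by its router ID.
        if local["Neighbor"] != remote["RouterId"]:
            findings.append(f"{name}: Neighbor {local['Neighbor']} is not the peer")
        # Prerequisite from the page: a security association must be linked.
        if not local.get("SAName"):
            findings.append(f"{name}: no security association linked (SAName empty)")
        # Page default for AdminStatus is disabled.
        if local.get("AdminStatus", "disabled") != "enabled":
            findings.append(f"{name}: policy AdminStatus is not enabled")
        # Page default for Action is permit; drop discards the IP packets.
        if local.get("Action", "permit") == "drop":
            findings.append(f"{name}: Action is drop, packets are discarded")
    # One-sided enablement: OSPFv3 exchange packets are dropped until both sides match.
    states = {end_a.get("AdminStatus", "disabled"), end_b.get("AdminStatus", "disabled")}
    if states == {"enabled", "disabled"}:
        findings.append("IPsec enabled on one side only: OSPFv3 exchange packets are dropped")
    return findings

# Constructed sample records (not real device output).
R1 = {"RouterId": "192.0.2.1", "AreaId": "0.0.0.1", "Neighbor": "192.0.2.2",
      "SAName": "ospf-vl-sa", "AdminStatus": "enabled", "Action": "permit"}
R2 = {"RouterId": "192.0.2.2", "AreaId": "0.0.0.1", "Neighbor": "192.0.2.1",
      "SAName": "ospf-vl-sa"}  # AdminStatus omitted, so the default (disabled) applies

if __name__ == "__main__":
    for finding in audit_virtual_link(R1, R2):
        print(finding)
```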