Configuring IPsec on OSPFv3 virtual links

IP Security (IPsec) can be configured for virtual links.

Before you begin

An OSPFv3 virtual link must be configured.

About this task

The virtual link IPsec security associations (SAs) and policies are added to all interfaces of the transit area for the outbound direction. For the inbound direction, IPsec SAs and policies for virtual links are added to the global database.

Procedure

  1. Enter the configure terminal command to access global configuration mode.
    device# configure terminal
  2. Enter the ip router-id command to specify the router ID.
    device(config)# ip router-id 10.1.1.1
  3. Enter the ipv6 router ospf command to enter OSPFv3 configuration mode and enable OSPFv3 on the router.
    device(config)# ipv6 router ospf
  4. Enter the area virtual-link authentication spi value ah hmac-sha1 key command, specifying an area address and the ID of the OSPFv3 device at the remote end of the virtual link.
    device(config-ipv6-router-ospf-vrf-default-vrf)# area 1 virtual-link 10.1.1.1 authentication spi 512 ah hmac-sha1 key 1134567890223456789012345678901234567890

    IPsec is configured on the specified virtual link in OSPF area 1. The device ID associated with the virtual link neighbor is 10.1.1.1, the SPI value is 512, and the authentication header (AH) protocol is selected. Secure Hash Algorithm 1 (SHA-1) authentication is enabled. The 40-character key is displayed unencrypted in show command output.

Example

The following example configures IPsec on an OSPFv3 virtual link in area 1.

device# configure terminal
device(config)# ip router-id 10.1.1.1
device(config)# ipv6 router ospf
device(config-ipv6-router-ospf-vrf-default-vrf)# area 1 virtual-link 10.1.1.1 authentication spi 512 ah hmac-sha1 key 1134567890223456789012345678901234567890
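
Added example (not part of the vendor documentation): a pre-deployment check that parses the virtual-link authentication statement from step 4 on both ends of a link, validates the SPI and key format, and confirms that the two ends agree, without ever echoing the key. Assumptions: the key is written as 40 hexadecimal digits (20 bytes for HMAC-SHA1), manually keyed AH needs the same SPI and key on both devices, and the function names and sample configurations are constructed for illustration.

```python
import re

# Statement syntax follows step 4 of the page; treating the key as hex is an assumption.
VLINK = re.compile(
    r"area\s+(?P<area>\S+)\s+virtual-link\s+(?P<peer>\S+)\s+authentication\s+"
    r"spi\s+(?P<spi>\d+)\s+ah\s+hmac-sha1\s+key\s+(?P<key>\S+)")
ROUTER_ID = re.compile(r"ip router-id\s+(\S+)")

def parse(config):
    """Return (router_id, {(area, peer): fields}) for one device's config text."""
    rid = ROUTER_ID.search(config)
    links = {(m["area"], m["peer"]): m.groupdict() for m in VLINK.finditer(config)}
    return (rid.group(1) if rid else None), links

def check_statement(d):
    """Validate a single virtual-link authentication statement."""
    problems = []
    if int(d["spi"]) < 256:
        problems.append("SPI below 256 (1-255 are IANA-reserved)")
    if not re.fullmatch(r"[0-9a-fA-F]{40}", d["key"]):
        problems.append("key is not 40 hex characters")
    return problems

def check_pair(cfg_a, cfg_b):
    """Check both ends of a virtual link; findings never echo key material."""
    (rid_a, links_a), (rid_b, links_b) = parse(cfg_a), parse(cfg_b)
    findings = []
    for rid, links in ((rid_a, links_a), (rid_b, links_b)):
        for (area, _), d in links.items():
            findings += [f"{rid} area {area}: {p}" for p in check_statement(d)]
    for (area, peer), d in links_a.items():
        if peer != rid_b:
            continue  # this link terminates on some other device
        other = links_b.get((area, rid_a))
        if other is None:
            findings.append(f"area {area}: {rid_b} has no virtual link back to {rid_a}")
        else:
            for field in ("spi", "key"):
                if other[field].lower() != d[field].lower():
                    findings.append(f"area {area}: {field} differs between {rid_a} and {rid_b}")
    return findings

# Constructed sample configs: router IDs, SPIs and keys are made up for this example.
DEV_A = ("ip router-id 10.1.1.1\nipv6 router ospf\n"
         f" area 1 virtual-link 10.2.2.2 authentication spi 512 ah hmac-sha1 key {'0f' * 20}\n")
DEV_B = ("ip router-id 10.2.2.2\nipv6 router ospf\n"
         f" area 1 virtual-link 10.1.1.1 authentication spi 200 ah hmac-sha1 key {'0e' * 20}\n")
if __name__ == "__main__":
    print("\n".join(check_pair(DEV_A, DEV_B)))
```

Because the key appears in cleartext in show output and saved configurations, run a check like this only where those files are already access-controlled.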