IP Security (IPsec) can be configured for virtual links.
Before you begin
An OSPFv3 virtual link must be configured.
About this task
The virtual link IPsec security associations (SAs) and policies are added to all interfaces of the transit area for the outbound direction. For the inbound direction, IPsec SAs and policies for virtual links are added to the global database.
Procedure
-
Enter the
configure terminal command to access global configuration mode.
device# configure terminal
-
Enter the
ip router-id command to specify the router ID.
device(config)# ip router-id 10.1.1.1
-
Enter the
ipv6 router ospf command to enter OSPFv3 configuration mode and enable OSPFv3 on the router.
device(config)# ipv6 router ospf
-
Enter
area virtual-link authentication
spi
value
ah
hmac-sha1
key, specifying an area address and the ID of the OSPFv3 device at the remote end of the virtual link.
device(config-ipv6-router-ospf-vrf-default-vrf)# area 1 virtual-link 10.1.1.1 authentication spi 512 ah hmac-sha1 key 1134567890223456789012345678901234567890
IPsec is configured on the specified virtual link in OSPF area 1. The device ID associated with the virtual link neighbor is 10.1.1.1, the SPI value is 512, and the authentication header (AH) protocol is selected. Secure Hash Algorithm 1 (SHA-1) authentication is enabled. The 40-character key is not encrypted in
show command displays.
Example
The following example configures IPsec on an OSPFv3 area.
device# configure terminal
device(config)# ip router-id 10.1.1.1
device(config)# ipv6 router ospf
device(config-ipv6-router-ospf-vrf-default-vrf)# area 1 virtual-link 10.1.1.1 authentication spi 512 ah hmac-sha1 key 1134567890223456789012345678901234567890
