This document describes how to configure IPv6 IPsec virtual tunnel interfaces (VTI) on a router. The key steps are:
1. Enable IPv6 unicast routing globally on the router.
2. Configure a tunnel interface, assign it an IPv6 address, and set the encapsulation mode to IPsec IPv6.
3. Associate the tunnel interface with an IPsec profile to apply security settings to the tunnel.
This document describes how to configure IPv6 IPsec virtual tunnel interfaces (VTI) on a router. The key steps are:
1. Enable IPv6 unicast routing globally on the router.
2. Configure a tunnel interface, assign it an IPv6 address, and set the encapsulation mode to IPsec IPv6.
3. Associate the tunnel interface with an IPsec profile to apply security settings to the tunnel.
This document describes how to configure IPv6 IPsec virtual tunnel interfaces (VTI) on a router. The key steps are:
1. Enable IPv6 unicast routing globally on the router.
2. Configure a tunnel interface, assign it an IPv6 address, and set the encapsulation mode to IPsec IPv6.
3. Associate the tunnel interface with an IPsec profile to apply security settings to the tunnel.
This document describes how to configure IPv6 IPsec virtual tunnel interfaces (VTI) on a router. The key steps are:
1. Enable IPv6 unicast routing globally on the router.
2. Configure a tunnel interface, assign it an IPv6 address, and set the encapsulation mode to IPsec IPv6.
3. Associate the tunnel interface with an IPsec profile to apply security settings to the tunnel.
9. tunnel mode {aurp | cayman | dvmrp | eon | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp}
10. tunnel protection ipsec profile name [shared]
DETAILED STEPS
Command or Action Purpose
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password Router> enable if prompted. Step 2 configure terminal Enters global configuration mode. Example:
Router# configure terminal
Step 3 ipv6 unicast-routing Enables IPv6 unicast routing. You only need Example: to enable IPv6 unicast routing once, not matter Router(config)# ipv6 unicast- how many interface routing tunnels you want to configure. Step 4 interface tunnel tunnel-number Specifies a tunnel interface and number, Example: and enters interface configuration mode. Router(config)# interface tunnel 0 Step 5 ipv6 address ipv6-address/prefix Provides an IPv6 address to this tunnel interface, Example: so that IPv6 traffic can be routed to this tunnel. Router(config-if)# ipv6 address 3FFE:C000:0:7::/64 eui-64 Step 6 ipv6 enable Enables IPv6 on this tunnel interface. Example:
Router(config-if)# ipv6 enable
Step 7 tunnel source {ip-address | ipv6- Sets the source address address | interface-type interface- for a tunnel interface. number}
Example:
Router(config-if)# tunnel source ethernet0 Step 8 tunnel destination {host-name | ip- Specifies the destination address | ipv6-address} for a tunnel interface.
Example:
Router(config-if)# tunnel destination 2001:DB8:1111:2222::1 Step 9 tunnel mode {aurp | cayman | Sets the encapsulation dvmrp | eon | gre | gre multipoint | mode for the tunnel gre ipv6 | ipip [decapsulate-any] | interface. For IPsec, only ipsec ipv4 | iptalk | ipv6 | ipsec the ipsec ipv6 keywords are supported. ipv6 | mpls | nos | rbscp}
Example:
Router(config-if)# tunnel mode ipsec ipv6 Step 10 tunnel protection ipsec profile Associates a tunnel name [shared] interface with an IPsec profile. IPv6 does not Example: support the shared keyword. Router(config-if)# tunnel protection ipsec profile profile1
Verifying IPsec Tunnel Mode Configuration
Perform this optional task as needed to verify IPsec tunnel mode configuration.
SUMMARY STEPS
1. show adjacency [summary [interface-type interface-number]] | [prefix] [interface
peer detail Step 5 show crypto isakmp policy Displays the parameters for each IKE policy. Example:
Router# show crypto isakmp
policy Step 6 show crypto isakmp profile Lists all the ISAKMP profiles that are [tag profilename | vrf vrfname] defined on a router.
Example:
Router# show crypto isakmp
profile Step 7 show crypto map [interface Displays the crypto map configuration. interface | tag map-name] The crypto maps shown in this command Example: output are dynamically generated. The user does not have to configure crypto maps. Router# show crypto map Step 8 show crypto session [detail] | Displays status information for active crypto [local ip-address [port local- sessions. port] | [remote ip-address [port remote-port]] | detail] | fvfr vrf- IPv6 does not support the fvfr or ivrf name | ivrf vrf-name keywords or the vrf-name argument.
Example:
Router# show crypto session
Step 9 show crypto socket Lists crypto sockets.
Example:
Router# show crypto socket
Step 10 show ipv6 access-list [access- Displays the contents of all current IPv6 list-name] access lists.
Example: Router# show ipv6 access- list
Step 11 show ipv6 cef [ipv6- Displays entries in the IPv6 Forwarding prefix/prefix-length] | [interface- Information Base (FIB). type interface-number] [longer- prefixes | similar-prefixes | detail | internal | platform | epoch | source]]
Example: Router# show ipv6 cef
Step 12 show interface type number Displays numbers of packets that were stats process switched, fast switched, and distributed switched. Example:
