Configuring IPv6 IPsec VTI

Perform this task to configure and enable IPv6 IPsec virtual tunnel mode for IPv6.

Prerequisites

Use the ipv6 unicast-routing command to enable IPv6 unicast routing.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 unicast-routing

4. interface tunnel tunnel-number

5. ipv6 address ipv6-address/prefix

6. ipv6 enable

7. tunnel source {ip-address | ipv6-address | interface-type interface-number}

8. tunnel destination {host-name | ip-address | ipv6-address}

9. tunnel mode {aurp | cayman | dvmrp | eon | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp}

10. tunnel protection ipsec profile name [shared]

DETAILED STEPS

Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable

Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal

Step 3
Command or Action: ipv6 unicast-routing
Purpose: Enables IPv6 unicast routing. You only need to enable IPv6 unicast routing once, no matter how many interface tunnels you want to configure.
Example:
Router(config)# ipv6 unicast-routing

Step 4
Command or Action: interface tunnel tunnel-number
Purpose: Specifies a tunnel interface and number, and enters interface configuration mode.
Example:
Router(config)# interface tunnel 0

Step 5
Command or Action: ipv6 address ipv6-address/prefix
Purpose: Provides an IPv6 address to this tunnel interface, so that IPv6 traffic can be routed to this tunnel.
Example:
Router(config-if)# ipv6 address 3FFE:C000:0:7::/64 eui-64

Step 6
Command or Action: ipv6 enable
Purpose: Enables IPv6 on this tunnel interface.
Example:
Router(config-if)# ipv6 enable

Step 7
Command or Action: tunnel source {ip-address | ipv6-address | interface-type interface-number}
Purpose: Sets the source address for a tunnel interface.
Example:
Router(config-if)# tunnel source ethernet0

Step 8
Command or Action: tunnel destination {host-name | ip-address | ipv6-address}
Purpose: Specifies the destination for a tunnel interface.
Example:
Router(config-if)# tunnel destination 2001:DB8:1111:2222::1

Step 9
Command or Action: tunnel mode {aurp | cayman | dvmrp | eon | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp}
Purpose: Sets the encapsulation mode for the tunnel interface. For IPsec, only the ipsec ipv6 keywords are supported.
Example:
Router(config-if)# tunnel mode ipsec ipv6

Step 10
Command or Action: tunnel protection ipsec profile name [shared]
Purpose: Associates a tunnel interface with an IPsec profile. IPv6 does not support the shared keyword.
Example:
Router(config-if)# tunnel protection ipsec profile profile1
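
The following is an added example, not part of the original Cisco procedure: a small offline audit that checks a saved running-config against steps 3 through 10 above and reports tunnel interfaces that are missing a required line or that use the shared keyword. The sample configuration, the interface names, and the function name audit_vti are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the page): Tunnel0 follows the
# ten steps above; Tunnel1 is deliberately incomplete.
SAMPLE_CONFIG = """\
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 3FFE:C000:0:7::/64 eui-64
 ipv6 enable
 tunnel source Ethernet0
 tunnel destination 2001:DB8:1111:2222::1
 tunnel mode ipsec ipv6
 tunnel protection ipsec profile profile1
!
interface Tunnel1
 ipv6 enable
 tunnel source Ethernet0
 tunnel destination 2001:DB8:1111:2222::2
 tunnel mode gre ipv6
 tunnel protection ipsec profile profile1 shared
!
"""

# Lines that steps 5-10 of the procedure place on the tunnel interface.
REQUIRED = {
    "ipv6 address": r"ipv6 address \S+",
    "ipv6 enable": r"ipv6 enable$",
    "tunnel source": r"tunnel source \S+",
    "tunnel destination": r"tunnel destination \S+",
    "tunnel mode ipsec ipv6": r"tunnel mode ipsec ipv6$",
    "tunnel protection ipsec profile": r"tunnel protection ipsec profile \S+",
}

def audit_vti(config):
    """Return {scope: [findings]} for the global config and each tunnel interface."""
    findings = {}
    if not any(l.strip() == "ipv6 unicast-routing" for l in config.splitlines()):
        findings["global"] = ["missing: ipv6 unicast-routing"]  # step 3
    blocks = re.findall(r"^interface (Tunnel\d+)\n((?:^ .*\n)*)", config, re.M)
    for name, body in blocks:
        cmds = [c.strip() for c in body.splitlines()]
        issues = [f"missing: {label}" for label, pat in REQUIRED.items()
                  if not any(re.match(pat, c) for c in cmds)]
        # Step 10: IPv6 does not support the shared keyword.
        if any(re.match(r"tunnel protection ipsec profile \S+ shared$", c) for c in cmds):
            issues.append("shared keyword is not supported for IPv6")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_vti(SAMPLE_CONFIG) reports only Tunnel1, which lacks an IPv6 address, uses GRE instead of ipsec ipv6 mode, and carries the shared keyword.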

Verifying IPsec Tunnel Mode Configuration

Perform this optional task as needed to verify IPsec tunnel mode configuration.

SUMMARY STEPS

1. show adjacency [summary [interface-type interface-number]] | [prefix] [interface interface-number] [connectionid id] [link {ipv4 | ipv6 | mpls}] [detail]

2. show crypto engine {accelerator | brief | configuration | connections [active | dh | dropped-packet | show] | qos}

3. show crypto ipsec sa [ipv6] [interface-type interface-number] [detailed]

4. show crypto isakmp peer [config | detail]

5. show crypto isakmp policy

6. show crypto isakmp profile [tag profilename | vrf vrfname]

7. show crypto map [interface interface | tag map-name]

8. show crypto session [detail] | [local ip-address [port local-port] | [remote ip-address [port remote-port]] | detail] | fvrf vrf-name | [ivrf vrf-name]

9. show crypto socket

10. show ipv6 access-list [access-list-name]

11. show ipv6 cef [vrf] [ipv6-prefix/prefix-length] | [interface-type interface-number] [longer-prefixes | similar-prefixes | detail | internal | platform | epoch | source]]

12. show interface type number stats

DETAILED STEPS

Step 1
Command or Action: show adjacency [summary [interface-type interface-number]] | [prefix] [interface interface-number] [connectionid id] [link {ipv4 | ipv6 | mpls}] [detail]
Purpose: Displays information about the Cisco Express Forwarding adjacency table or the hardware Layer 3-switching adjacency table.
Example:
Router# show adjacency detail

Step 2
Command or Action: show crypto engine {accelerator | brief | configuration | connections [active | dh | dropped-packet | show] | qos}
Purpose: Displays a summary of the configuration information for the crypto engines.
Example:
Router# show crypto engine connection active

Step 3
Command or Action: show crypto ipsec sa [ipv6] [interface-type interface-number] [detailed]
Purpose: Displays the settings used by current SAs in IPv6.
Example:
Router# show crypto ipsec sa ipv6

Step 4
Command or Action: show crypto isakmp peer [config | detail]
Purpose: Displays peer descriptions.
Example:
Router# show crypto isakmp peer detail

Step 5
Command or Action: show crypto isakmp policy
Purpose: Displays the parameters for each IKE policy.
Example:
Router# show crypto isakmp policy

Step 6
Command or Action: show crypto isakmp profile [tag profilename | vrf vrfname]
Purpose: Lists all the ISAKMP profiles that are defined on a router.
Example:
Router# show crypto isakmp profile

Step 7
Command or Action: show crypto map [interface interface | tag map-name]
Purpose: Displays the crypto map configuration. The crypto maps shown in this command output are dynamically generated. The user does not have to configure crypto maps.
Example:
Router# show crypto map

Step 8
Command or Action: show crypto session [detail] | [local ip-address [port local-port] | [remote ip-address [port remote-port]] | detail] | fvrf vrf-name | ivrf vrf-name
Purpose: Displays status information for active crypto sessions. IPv6 does not support the fvrf or ivrf keywords or the vrf-name argument.
Example:
Router# show crypto session

Step 9
Command or Action: show crypto socket
Purpose: Lists crypto sockets.
Example:
Router# show crypto socket

Step 10
Command or Action: show ipv6 access-list [access-list-name]
Purpose: Displays the contents of all current IPv6 access lists.
Example:
Router# show ipv6 access-list

Step 11
Command or Action: show ipv6 cef [ipv6-prefix/prefix-length] | [interface-type interface-number] [longer-prefixes | similar-prefixes | detail | internal | platform | epoch | source]]
Purpose: Displays entries in the IPv6 Forwarding Information Base (FIB).
Example:
Router# show ipv6 cef

Step 12
Command or Action: show interface type number stats
Purpose: Displays numbers of packets that were process switched, fast switched, and distributed switched.
Example:
Router# show interface fddi 3/0/0 stats
