Cisco ASA Series CLI Configuration Manual page 653

Software version 9.0 for the services module

Chapter 1
Configuring OSPF
Command
ipv6 ospf encryption {ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [[key-encryption-type] key] | null}

Purpose
Specifies the encryption type for an interface. The ipsec keyword specifies the IP security protocol. The spi spi keyword-argument pair specifies the security policy index, which must be in the range of 256 to 42949667295 and entered as a decimal. The esp keyword specifies the encapsulating security payload. The encryption-algorithm argument specifies the encryption algorithm to be used with ESP. Valid values include the following:
aes-cdc—Enables AES-CDC encryption.
3des—Enables 3DES encryption.
des—Enables DES encryption.
null—Specifies ESP with no encryption.
The key-encryption-type argument can be one of the following two values:
0—The key is not encrypted.
7—The key is encrypted.
The key argument specifies the number used in the calculation of the message digest. The number is 32 hexadecimal digits (16 bytes) long. The size of the key depends on the encryption algorithm used. Some algorithms, such as AES-CDC, allow you to choose the size of the key. The authentication-algorithm argument specifies the encryption authentication algorithm to be used, which can be one of the following:
md5—Enables message digest 5 (MD5).
sha1—Enables SHA-1.
The null keyword overrides area encryption.

Note
If OSPFv3 encryption is enabled on an interface and a neighbor is in a different area (for example, area 0), and you want the ASA to form adjacencies with that area, you must change the area on the ASA. After you have changed the area on the ASA to 0, there is a delay of two minutes before the OSPFv3 adjacency comes up.

Example:
hostname(config-if)# interface GigabitEthernet3/2.200
vlan 200
nameif outside
security-level 100
ip address 10.20.200.30 255.255.255.0 standby 10.20.200.31
ipv6 address 3001::1/64 standby 3001::8
ipv6 address 6001::1/64 standby 6001::8
ipv6 enable
ospf priority 255
ipv6 ospf cost 100
ipv6 ospf 100 area 10 instance 200
ipv6 ospf encryption ipsec spi 1001 esp null sha1 123456789A123456789B123456789C123456789D

Command
ipv6 ospf flood-reduction

Purpose
Specifies the flood reduction of LSAs to the interface.

Example:
hostname(config-if)# interface GigabitEthernet3/2.200
vlan 200
nameif outside
security-level 100
ip address 10.20.200.30 255.255.255.0 standby 10.20.200.31
ipv6 address 3001::1/64 standby 3001::8
ipv6 address 6001::1/64 standby 6001::8
ipv6 enable
ospf priority 255
ipv6 ospf cost 100
ipv6 ospf 100 area 10 instance 200
ipv6 ospf flood-reduction
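
The argument rules given for ipv6 ospf encryption can be checked mechanically against a saved configuration. The Python audit below is an added example, not part of the Cisco guide; the function names, the finding texts, the 40-digit SHA-1 key length (taken from the key in the guide's example) and the treatment of an omitted key-encryption-type as 0 are assumptions.

```python
import re

# Hex digits required for the authentication key. md5=32 is stated in the text;
# sha1=40 is an assumption taken from the 40-digit key in the guide's example.
AUTH_KEY_HEX = {"md5": 32, "sha1": 40}
WEAK_ENC = {
    "null": "ESP null: packets are authenticated but not encrypted",
    "des": "DES is obsolete",
    "3des": "3DES is deprecated",
}

def audit_line(line):
    """Return findings for one 'ipv6 ospf encryption' interface line."""
    tok = line.split()
    if tok[:3] != ["ipv6", "ospf", "encryption"]:
        return []
    if tok[3:] == ["null"]:
        return ["'null' overrides area encryption on this interface"]
    if len(tok) < 10 or tok[3:5] != ["ipsec", "spi"] or tok[6] != "esp":
        return ["unrecognised syntax"]
    spi, enc, rest = tok[5], tok[7], tok[8:]
    findings = []
    # SPI is a 32-bit ESP field; the text gives 256 as the lowest usable value.
    if not (spi.isdigit() and 256 <= int(spi) <= 0xFFFFFFFF):
        findings.append("SPI outside the valid range")
    if enc in WEAK_ENC:
        findings.append(WEAK_ENC[enc])
    # The first md5/sha1 token after the encryption part starts the auth part.
    idx = next((i for i, t in enumerate(rest) if t in AUTH_KEY_HEX), None)
    if idx is None or not rest[idx + 1:]:
        return findings + ["no authentication algorithm and key found"]
    auth, tail = rest[idx], rest[idx + 1:]
    if auth == "md5":
        findings.append("MD5 authentication; sha1 is the stronger option offered")
    # Assumption: an omitted key-encryption-type means 0 (key not encrypted).
    ket, key = (tail[0], tail[1]) if len(tail) > 1 else ("0", tail[0])
    if ket == "0":
        findings.append("authentication key is stored unencrypted (type 0)")
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % AUTH_KEY_HEX[auth], key):
            findings.append("%s key must be %d hex digits" % (auth, AUTH_KEY_HEX[auth]))
    return findings

def audit_config(text):
    """Map 1-based line numbers to findings for every flagged line."""
    hits = {n: audit_line(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: f for n, f in hits.items() if f}

# Constructed sample: line 2 is the guide's example command, line 3 is made up.
SAMPLE = """interface GigabitEthernet3/2.200
 ipv6 ospf encryption ipsec spi 1001 esp null sha1 123456789A123456789B123456789C123456789D
 ipv6 ospf encryption ipsec spi 100 esp des 0 0123456789ABCDEF md5 0 00112233
 ipv6 ospf flood-reduction"""
```

Calling audit_config(SAMPLE) flags lines 2 and 3 only; the guide's own example is reported for ESP null and for carrying its authentication key in clear text.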
Cisco ASA Series CLI Configuration Guide
Configuring OSPFv3