Tags: ,

Notable Replies

  1. Quick question Rene, if you were to omit the IPv6 global unicast address on the tunnel interface, would you need to use “ipv6 enable” instead so OSPFv3 could use a link local address? Or does enabling OSPFv3 on the interface automatically generate a link local address?

  2. Hi Chris,

    You’ll need to configure an IPv6 address or use “ipv6 enable”. Without an address, you get an error:

    R1(config)#interface GigabitEthernet 0/1
    R1(config-if)#ipv6 ospf 1 area 0
    % OSPFv3: IPV6 is not enabled on this interface


  3. Hi Rene
    I use virtual tunnel interface and i seem to work, it is correct ?

    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status    QM_IDLE           1002 ACTIVE    QM_IDLE           1001 ACTIVE
    IPv6 Crypto ISAKMP SA
    R1#sh crypto ipsec sa        
    interface: Tunnel0
        Crypto map tag: Tunnel0-head-0, local addr
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (
       remote ident (addr/mask/prot/port): (
       current_peer port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 256, #pkts encrypt: 256, #pkts digest: 256
        #pkts decaps: 245, #pkts decrypt: 245, #pkts verify: 245
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0

    Another question is how much mtu does IPsec Takes


Continue the discussion forum.networklessons.com