User running OSPFv3 between two routers. Without IPsec authentication routers can able to form neighboship between them and exchange routes but when he employ the interface command:
ipv6 ospf authentication ipsec spi 111 sha1 <key>/ipv6 ospf authentication ipsec md5 <key> , neighbors go down. If you do "debug ipv6 ospf hello", you can see on the hellos coming in and going out.
OSPFv3 Authentication Steps:
Authentication is accomplished with one line command. IOS requires IPsec for OSPFv3 be configured separate from the normal configuration of an IPsec policy. IPsec authentication can be configured either per-interface or per-area. Below configuration shows per-interface authentication between R1 and R2.
After configuring authentication on FastEthernet1/0 at both routers, you may notice the OSPFv3 adjacency drop and reform. The OSPFv3 interface display verifies that MD5 authentication is in use as below:
R1#sh ipv6 ospf int fa1/0
FastEthernet1/0 is up, line protocol is up
Link Local Address FE80::C80D:18FF:FE4C:1C, Interface ID 4
Area 0, Process ID 100, Instance ID 0, Router ID 22.214.171.124
Network Type BROADCAST, Cost: 1
MD5 authentication SPI 512, secure socket UP (errors: 0)
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 126.96.36.199, local address FE80::C20E:28FF:FE68:0
Backup Designated router (ID) 188.8.131.52, local address FE80::C80D:18FF:FE4C:1C