If the preshared keys on the communicating systems are not identical, the systems cannot authenticate.
IPsec has been configured and is enabled between the two systems that you are testing. You are running the current Solaris 10 release.
To perform this procedure on a release prior to the Solaris 10 4/09 release, see Example 23–2.
On the system console, assume the Primary Administrator role or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Logging in remotely exposes security-critical traffic to eavesdropping. Even if you somehow protect the remote login, the security of the system is reduced to the security of the remote login session. Use the ssh command for secure remote login.
On each system, check the privilege level of the in.iked daemon.
# svcprop -p config/admin_privilege ike
base
If the privilege level is keymat, continue with Step 3.
If the privilege level is not keymat, set it to keymat. Then, refresh and restart the ike service.
# svccfg -s ike setprop config/admin_privilege=keymat
# svcadm refresh ike ; svcadm restart ike
# svcprop -p config/admin_privilege ike
keymat
On each system, view the preshared key information.
# ikeadm dump preshared
PSKEY: Preshared key (24 bytes): f47cb…/192
LOCIP: AF_INET: port 0, 192.168.116.16 (enigma).
REMIP: AF_INET: port 0, 192.168.13.213 (partym).
Compare the two dumps.
If the preshared keys are not identical, replace one key with the other key in the /etc/inet/secret/ike.preshared file.
When the verification is complete, return the privilege level to the default on each system.
# svccfg -s ike setprop config/admin_privilege=base
# svcadm restart ike
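The "Compare the two dumps" step, scripted as an added example that is not part of the original procedure. It assumes each system's ikeadm dump preshared output was saved to a file in the format shown above; the function names, file names and key values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Dumps hold keying material: create them as root with umask 077
# and delete them after the comparison.

# Reduce one `ikeadm dump preshared` output to sorted "local remote key" lines.
# swap=1 exchanges the addresses so the peer's view lines up with the local one.
psk_entries() {  # usage: psk_entries <dump-file> <swap: 0|1>
    awk -v swap="$2" '
        $1 == "PSKEY:" { key = $NF }            # last field: <hex>/<bits>
        $1 == "LOCIP:" { loc = $5 }             # field 5: address after "port 0,"
        $1 == "REMIP:" { if (swap) print $5, loc, key; else print loc, $5, key }
    ' "$1" | sort
}

# Print address pairs whose keys differ or that exist on one side only.
# Key values are never printed. Exit status 0 means every pair matches.
psk_diff() {  # usage: psk_diff <dump-from-A> <dump-from-B>
    { psk_entries "$1" 0 | sed 's/^/A /'; psk_entries "$2" 1 | sed 's/^/B /'; } |
    awk '
        { pair = $2 " <-> " $3; seen[pair] = 1 }
        $1 == "A" { ka[pair] = $4 }
        $1 == "B" { kb[pair] = $4 }
        END {
            if (NR == 0) { print "NO ENTRIES"; exit 1 }
            for (p in seen) {
                if (!(p in ka) || !(p in kb)) { print "MISSING  " p; bad = 1 }
                else if (ka[p] != kb[p])      { print "MISMATCH " p; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample dumps (made-up 24-byte key) in the format shown on this page.
write_samples() {  # usage: write_samples <dir>
    k=0123456789abcdef0123456789abcdef0123456789abcdef
    printf 'PSKEY: Preshared key (24 bytes): %s/192\nLOCIP: AF_INET: port 0, 192.168.116.16 (enigma).\nREMIP: AF_INET: port 0, 192.168.13.213 (partym).\n' "$k" > "$1/enigma.dump"
    printf 'PSKEY: Preshared key (24 bytes): %s/192\nLOCIP: AF_INET: port 0, 192.168.13.213 (partym).\nREMIP: AF_INET: port 0, 192.168.116.16 (enigma).\n' "$k" > "$1/partym.dump"
    sed 's|abcdef/|abcdee/|' "$1/partym.dump" > "$1/partym_typo.dump"   # one digit off
}

# Demo on the constructed samples: a matching pair, then a one-digit mismatch.
d=$(mktemp -d) && write_samples "$d"
psk_diff "$d/enigma.dump" "$d/partym.dump" && echo "preshared keys match"
psk_diff "$d/enigma.dump" "$d/partym_typo.dump" || echo "fix /etc/inet/secret/ike.preshared"
rm -rf "$d"
```

Because only the address pair is reported, the script's output can be logged or pasted into a ticket without exposing the key.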