System Administration Guide: IP Services

Configuring IKE (Task Map)

You can use preshared keys, self-signed certificates, and certificates from a Certificate Authority (CA) to authenticate IKE. A rule links the particular IKE authentication method with the end points that are being protected. Therefore, you can use one or all IKE authentication methods on a system. A pointer to a PKCS #11 library enables certificates to use an attached hardware accelerator.

After configuring IKE, complete the IPsec task that uses the IKE configuration. The following table refers you to task maps that focus on a specific IKE configuration.



For Instructions 

Configure IKE with preshared keys 

Protects communications between two systems by having the systems share a secret key. 

Configuring IKE With Preshared Keys (Task Map)

Configure IKE with public key certificates 

Protects communications with public key certificates. The certificates can be self-signed, or they can be vouched for by a PKI organization. 

Configuring IKE With Public Key Certificates (Task Map)

Cross a NAT boundary 

Configures IPsec and IKE to communicate with a mobile system 

Configuring IKE for Mobile Systems (Task Map)

Configure IKE to generate and store public key certificates on attached hardware 

Enables a Sun Crypto Accelerator 1000 board or a Sun Crypto Accelerator 4000 board to accelerate IKE operations. Also enables the Sun Crypto Accelerator 4000 board to store public key certificates. 

Configuring IKE to Find Attached Hardware (Task Map)

Tune Phase 1 key negotiation parameters 

Changes the timing of IKE key negotiations. 

Changing IKE Transmission Parameters (Task Map)