The ikeadm command can check the syntax of the IKE configuration file, view aspects of the IKE daemon process, and change the parameters passed to the IKE daemon. The command can also gather statistics and debug IKE processes. See the ikeadm(1M) man page for examples and a full description of its options. The privilege level of the running IKE daemon determines what aspects of the IKE daemon can be viewed and modified. There are three levels of privilege.
0x0, or base level — At the base level of privilege, you cannot view or modify keying material. The base level is the default level at which the in.iked daemon runs.
0x1, or modkeys level — At the modkeys level of privilege, you can remove, change, and add pre-shared keys.
0x2, or keymat level — At the keymat level of privilege, you can view the actual keying material with the ikeadm command.
The security considerations for the ikeadm command are similar to those for the ipseckey command. See Security Considerations for details.