The configuration file for IKE policy, /etc/inet/ike/config, provides the keying material for the IKE daemon itself, and for the IPsec SAs that the file manages. The IKE daemon itself requires keying material in the Phase 1 exchange. Rules in the ike/config file establish the keying material. A valid rule in the policy file contains a label. The rule identifies the hosts or networks that the keying material is for, and specifies the authentication method. See IKE Tasks for examples of valid policy files. See the ike.config(4) man page for examples and descriptions of its parameters.
The IPsec SAs are used on the IP datagrams that are protected according to policies that are set up in the configuration file for IPsec policy, /etc/inet/ipsecinit.conf. The IKE policy file determines if PFS is used when creating the IPsec SAs.
The security considerations for the ike/config file are similar to the considerations for the ipsecinit.conf file. See Security Considerations for ipsecinit.conf and ipsecconf for details.