JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: IP Services     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Part I TCP/IP Administration

1.  Planning an IPv4 Addressing Scheme (Tasks)

2.  Planning an IPv6 Addressing Scheme (Overview)

3.  Planning an IPv6 Network (Tasks)

4.  Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)

5.  Enabling IPv6 on a Network (Tasks)

6.  Administering a TCP/IP Network (Tasks)

7.  Configuring IP Tunnels

8.  Troubleshooting Network Problems (Tasks)

9.  TCP/IP and IPv4 in Depth (Reference)

10.  IPv6 in Depth (Reference)

Part II DHCP

11.  About DHCP (Overview)

12.  Planning for DHCP Service (Tasks)

13.  Configuring the DHCP Service (Tasks)

14.  Administering DHCP (Tasks)

15.  Configuring and Administering the DHCP Client

16.  Troubleshooting DHCP (Reference)

17.  DHCP Commands and Files (Reference)

Part III IP Security

18.  IP Security Architecture (Overview)

19.  Configuring IPsec (Tasks)

20.  IP Security Architecture (Reference)

21.  Internet Key Exchange (Overview)

22.  Configuring IKE (Tasks)

Displaying IKE Information

How to Display Available Groups and Algorithms for Phase 1 IKE Exchanges

Configuring IKE (Task Map)

Configuring IKE With Preshared Keys (Task Map)

Configuring IKE With Preshared Keys

How to Configure IKE With Preshared Keys

How to Refresh IKE Preshared Keys

How to View IKE Preshared Keys

How to Add an IKE Preshared Key for a New Policy Entry in ipsecinit.conf

How to Verify That IKE Preshared Keys Are Identical

Configuring IKE With Public Key Certificates (Task Map)

Configuring IKE With Public Key Certificates

How to Configure IKE With Self-Signed Public Key Certificates

How to Configure IKE With Certificates Signed by a CA

How to Generate and Store Public Key Certificates on Hardware

How to Handle a Certificate Revocation List

Configuring IKE for Mobile Systems (Task Map)

Configuring IKE for Mobile Systems

How to Configure IKE for Off-Site Systems

Configuring IKE to Find Attached Hardware (Task Map)

Configuring IKE to Find Attached Hardware

How to Configure IKE to Find the Sun Crypto Accelerator 1000 Board

How to Configure IKE to Find the Sun Crypto Accelerator 4000 Board

Changing IKE Transmission Parameters (Task Map)

Changing IKE Transmission Parameters

How to Change the Duration of Phase 1 IKE Key Negotiation

23.  Internet Key Exchange (Reference)

24.  IP Filter in Oracle Solaris (Overview)

25.   IP Filter (Tasks)

Part IV Networking Performance

26.  Integrated Load Balancer Overview

27.  Configuration of Integrated Load Balancer Tasks

28.  Virtual Router Redundancy Protocol (Overview)

29.  VRRP Configuration (Tasks)

30.  Implementing Congestion Control

Part V IP Quality of Service (IPQoS)

31.  Introducing IPQoS (Overview)

32.  Planning for an IPQoS-Enabled Network (Tasks)

33.  Creating the IPQoS Configuration File (Tasks)

34.  Starting and Maintaining IPQoS (Tasks)

35.  Using Flow Accounting and Statistics Gathering (Tasks)

36.  IPQoS in Detail (Reference)

Glossary

Index

Displaying IKE Information

You can view the algorithms and groups that can be used in Phase 1 IKE negotiations.

How to Display Available Groups and Algorithms for Phase 1 IKE Exchanges

In this procedure, you determine which Diffie-Hellman groups are available for use in Phase 1 IKE exchanges. You also view the encryption and authentication algorithms that are available for IKE Phase 1 exchanges. The numeric values match the values that are specified for these algorithms by the Internet Assigned Numbers Authority (IANA).

  1. Display the list of Diffie-Hellman groups that IKE can use in Phase 1.

    Diffie-Hellman groups set up IKE SAs.

    # ikeadm dump groups
    Value Strength Description
    1     66       ietf-ike-grp-modp-768
    2     77       ietf-ike-grp-modp-1024
    5     91       ietf-ike-grp-modp-1536
    14    110      ietf-ike-grp-modp-2048
    15    130      ietf-ike-grp-modp-3072
    16    150      ietf-ike-grp-modp-4096
    17    170      ietf-ike-grp-modp-6144
    18    190      ietf-ike-grp-modp-8192
    
    Completed dump of groups

    You would use one of these values as the argument to the oakley_group parameter in an IKE Phase 1 transform, as in:

    p1_xform
      { auth_method preshared oakley_group 15 auth_alg sha encr_alg des }
  2. Display the list of authentication algorithms that IKE can use in Phase 1.
    # ikeadm dump authalgs
    Value Name
    1     md5
    2     sha1
    4     sha256
    5     sha384
    6     sha512
    
    Completed dump of authalgs

    You would use one of these names as the argument to the auth_alg parameter in an IKE Phase 1 transform, as in:

    p1_xform
      { auth_method preshared oakley_group 15 auth_alg sha256 encr_alg des }
  3. Display the list of encryption algorithms that IKE can use in Phase 1.
    # ikeadm dump encralgs
    Value Name
    3     blowfish-cbc
    5     3des-cbc
    1     des-cbc
    7     aes-cbc
    
    Completed dump of encralgs

    You would use one of these names as the argument to the encr_alg parameter in an IKE Phase 1 transform, as in:

    p1_xform
      { auth_method preshared oakley_group 15 auth_alg sha encr_alg aes-cbc }
See Also

For tasks to configure IKE rules that require these values, see Configuring IKE (Task Map).