Comparison of IKEv2 and IKEv1
The following table compares the implementation of the IKEv2 and IKEv1 versions
on an Oracle Solaris system.
Table 8-1 IKEv2 and IKEv1 Implementation in Oracle Solaris

| Feature | IKEv2 | IKEv1 |
|---|---|---|
| | Implicit based on objects in keystore | cert_trust parameter in ike/config file |
| Certificate creation | ikev2cert command | ikecert certlocal command |
| Certificate import | ikev2cert import command can import certificates and keys into PKCS #11 keystore | ikecert certdb command can import standalone certificates into IKE keystore |
| Certificate owner | ikeuser | root |
| Certificate policy file | kmf-policy.xml | Some policy in ike/config file |
| Certificate storage | PKCS #11 softtoken library | Local IKEv1 databases |
| Configuration file directory | /etc/inet/ike/ | /etc/inet/ike/ and /etc/inet/secret/ |
| Configuration owner | ikeuser account | root account |
| Daemon | in.ikev2d | in.iked |
| FIPS 140 algorithms for traffic between daemons. The Cryptographic Framework feature of Oracle Solaris 11.1 SRU 5.5 and SRU 3 is validated for FIPS 140-2, Level 1. If FIPS 140 mode is enabled and the Cryptographic Framework is being used, then FIPS 140-validated algorithms are used. By default, FIPS 140 mode is not enabled. | IKE SAs use the Cryptographic Framework | Not all exchanges use the Cryptographic Framework |
| FIPS 140 algorithms for IPsec traffic | Use the Cryptographic Framework | Use the Cryptographic Framework |
| IKE policy file | ike/ikev2.config | ike/config |
| IKE preshared keys | ike/ikev2.preshared | secret/ike.preshared |
| NAT port | UDP port 4500 | UDP port 4500 |
| Port | UDP port 500 | UDP port 500 |
| Rights profile | Network IPsec Management | Network IPsec Management |
| Service name (FMRI) | svc:/ipsec/ike:ikev2 | svc:/ipsec/ike:default |