If you add IPsec policy entries to a working configuration between the same peers, you need to refresh the IPsec policy service. You do not need to reconfigure or restart IKE.
If you add a new peer to the IPsec policy, in addition to the IPsec changes, you must modify the IKEv2 configuration.
Before You Begin
You have updated the ipsecinit.conf file and refreshed IPsec policy for the peer systems.
You must become an administrator who is assigned the Network IPsec Management rights profile. You must be typing in a profile shell. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.
If you administer remotely, see Example 7–1 and How to Remotely Administer ZFS With Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.2 for secure remote login instructions.
# pfedit ikev2.config

## ikev2.config file on enigma, 192.168.116.16
...
## The rule to communicate with ada
## Label must be unique
{ label "enigma-ada"
  auth_method preshared
  local_addr  192.168.116.16
  remote_addr 192.168.15.7
}
For information about the options to the pfedit command, see the pfedit(1M) man page.
## ikev2.config file on ada, 192.168.15.7
...
## The rule to communicate with enigma
{ label "ada-enigma"
  auth_method preshared
  local_addr  192.168.15.7
  remote_addr 192.168.116.16
}
# /usr/lib/inet/in.ikev2d -c -f /etc/inet/ike/ikev2.config
# pfedit -s /etc/inet/ike/ikev2.preshared

## ikev2.preshared on enigma for the ada interface
...
## The rule to communicate with ada
## Label must match the label of the rule
{ label "enigma-ada"
  # enigma and ada's shared key
  key "Twas brillig and the slivey toves did *s0mEtHiNg* be CareFULL hEEEr"
}
For information about the options to the pfedit command, see the pfedit(1M) man page.
# ikev2.preshared on ada for the enigma interface
#
{ label "ada-enigma"
  # ada and enigma's shared key
  key "Twas brillig and the slivey toves did *s0mEtHiNg* be CareFULL hEEEr"
}
# svcadm refresh ikev2
# svcadm enable ikev2
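The label, address, and key requirements in this procedure span two files on each of two systems, while the in.ikev2d -c check reads one configuration file on one system. The following Python sketch is an added example, not part of the Oracle documentation or of Oracle Solaris. It parses only the simple brace-delimited rules shown above (an assumption, not the full ikev2.config grammar), and the function names and sample key are constructed.

```python
import re

# Tokens: quoted string, comment to end of line, brace, bare word.
TOKEN = re.compile(r'"[^"]*"|#[^\n]*|[{}]|[^\s{}"#]+')

def parse_rules(text):
    """Return {label: {keyword: value}} for each { ... } rule block."""
    rules, block = {}, None
    for tok in TOKEN.findall(text):
        if tok.startswith("#"):
            continue                      # comment line or trailing comment
        if tok == "{":
            block = []
        elif tok == "}" and block is not None:
            fields = dict(zip(block[0::2], (v.strip('"') for v in block[1::2])))
            if fields.get("label") in rules:   # "Label must be unique"
                raise ValueError("duplicate label: %s" % fields.get("label"))
            rules[fields.get("label")] = fields
            block = None
        elif block is not None:
            block.append(tok)
    return rules

def check_peers(cfg_a, psk_a, cfg_b, psk_b):
    """List mismatches between two peers' config and preshared files."""
    rules_a, rules_b = parse_rules(cfg_a), parse_rules(cfg_b)
    keys_a, keys_b = parse_rules(psk_a), parse_rules(psk_b)
    problems = []
    for label, rule in rules_a.items():
        if rule.get("auth_method") != "preshared":
            continue
        if label not in keys_a:           # key label must match rule label
            problems.append("%s: no key entry with this label" % label)
        mirror = [l for l, r in rules_b.items()
                  if r.get("local_addr") == rule.get("remote_addr")
                  and r.get("remote_addr") == rule.get("local_addr")]
        if not mirror:
            problems.append("%s: peer has no rule with mirrored addresses" % label)
        elif mirror[0] not in keys_b:
            problems.append("%s: peer has no key entry with this label" % mirror[0])
        elif label in keys_a and keys_a[label].get("key") != keys_b[mirror[0]].get("key"):
            problems.append("%s / %s: shared keys differ" % (label, mirror[0]))
    return problems                       # messages never include key material

# Constructed sample input, modelled on the rules shown in this procedure.
ENIGMA_CFG = '{label "enigma-ada" auth_method preshared\n local_addr 192.168.116.16 remote_addr 192.168.15.7 }'
ADA_CFG = '{label "ada-enigma" auth_method preshared\n local_addr 192.168.15.7 remote_addr 192.168.116.16 }'
ENIGMA_PSK = '{ label "enigma-ada"\n # shared key\n key "constructed example key #1" }'
ADA_PSK = '{ label "ada-enigma"\n key "constructed example key #1" }'

if __name__ == "__main__":
    print(check_peers(ENIGMA_CFG, ENIGMA_PSK, ADA_CFG, ADA_PSK) or "consistent")
```
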
Next Steps
If you have not completed establishing IPsec policy, return to the IPsec procedure to enable or refresh IPsec policy. For examples of IPsec policy protecting VPNs, see Protecting a VPN With IPsec. For other examples of IPsec policy, see How to Secure Network Traffic Between Two Servers With IPsec.