You can use the ikeadm command to do the following:
View aspects of the IKE state
Change the properties of the IKE daemon
Display statistics on SA creation during the Phase 1 exchange
Debug IKE protocol exchanges
Display IKE daemon objects, such as all Phase 1 SAs, policy rules, preshared keys, available Diffie-Hellman groups, Phase 1 encryption and authentication algorithms, and the certificate cache
For examples and a full description of this command's options, see the ikeadm(1M) man page.
The privilege level of the running IKE daemon determines which aspects of the IKE daemon can be viewed and modified. Three levels of privilege are possible:
You cannot view or modify keys. The base level is the default level of privilege.
You can view the actual keys with the ikeadm command.
You can remove, change, and add preshared keys.
For a temporary privilege change, you can use the ikeadm command. For a permanent change, change the admin_privilege property of the ike service. For the temporary privilege change, see Managing the Running IKE Daemons.
The security considerations for the ikeadm command are similar to the considerations for the ipseckey command. See Security Considerations for ipseckey. For details that are specific to the ikeadm command, see the ikeadm(1M) man page.