SunScreen IPsec Configuration

SunScreen's IPsec module uses the same cryptographic (encryption and authentication) modules as the Solaris IPsec implementation. The IPsec encryption and authentication algorithms must be installed and configured in the Solaris kernel in order to be used by SunScreen. SunScreen and Solaris support DES and Triple-DES for encryption and MD5 and SHA-1 for authentication. You may need to install the optional software packages SUNWcryr and/or SUNWcryrx to make these algorithms available.

Configuration of IPsec and IKE in SunScreen is done through parameters to the rules. Please refer to ssadm-edit(1m) and rule(4sunscreen). Commands are provided for certificate generation and certificate database maintenance; see the man pages for ssadm-certlocal(1m) and ssadm-certdb(1m).

Previous: Internet Key Exchange (IKE)
Next: Chapter 3 Packet Filtering