You can use preshared keys, self-signed certificates, and certificates from a Certificate Authority (CA) to authenticate IKE. A rule links the particular IKE authentication method with the end points that are being protected. Therefore, you can use one or all IKE authentication methods on a system. A pointer to a PKCS #11 library enables certificates to use an attached hardware accelerator.
After configuring IKE, complete the IPsec task that uses the IKE configuration. The following table refers you to task maps that focus on a specific IKE configuration.
Task | Description | For Instructions |
---|---|---|
Configure IKE with preshared keys | Protects communications between two systems by having the systems share a secret key. | |
Configure IKE with public key certificates | Protects communications with public key certificates. The certificates can be self-signed, or they can be vouched for by a PKI organization. | |
Cross a NAT boundary | Configures IPsec and IKE to communicate with a mobile system. | |
Configure IKE to generate and store public key certificates on attached hardware | Enables a Sun Crypto Accelerator 1000 board or a Sun Crypto Accelerator 4000 board to accelerate IKE operations. Also enables the Sun Crypto Accelerator 4000 board to store public key certificates. | |
Tune Phase 1 key negotiation parameters | Changes the timing of IKE key negotiations. | |