System Administration Guide: IP Services

Protecting Traffic With IPsec (Task Map)

The following task map points to procedures that set up IPsec between one or more systems. The ipsecconf(1M), ipseckey(1M), and ifconfig(1M) man pages also describe useful procedures in their respective Examples sections.



| Task | Description | For Instructions |
|---|---|---|
| Secure traffic between two systems. | Protects packets from one system to another system. | How to Secure Traffic Between Two Systems With IPsec |
| Secure a web server by using IPsec policy. | Requires non-web traffic to use IPsec. Web clients are identified by particular ports, which bypass IPsec checks. | How to Use IPsec to Protect a Web Server From Nonweb Traffic |
| Display IPsec policies. | Displays the IPsec policies that are currently being enforced, in the order in which the policies are enforced. | How to Display IPsec Policies |
| Generate random numbers. | Generates random numbers for keying material for manually created security associations. | How to Generate Random Numbers on a Solaris System |
| | | How to Generate a Symmetric Key by Using the pktool Command in System Administration Guide: Security Services |
| Create or replace security associations manually. | Provides the raw data for security associations: IPsec algorithm name and keying material; key for the security parameter index; IP source and destination addresses. | How to Manually Create IPsec Security Associations |
| Check that IPsec is protecting the packets. | Examines snoop output for specific headers that indicate how the IP datagrams are protected. | How to Verify That Packets Are Protected With IPsec |
| (Optional) Create a Network Security role. | Creates a role that can set up a secure network, but has fewer powers than superuser. | How to Configure a Role for Network Security |
| Manage IPsec and keying material as a set of SMF services. | Describes when and how to use the commands that enable, disable, refresh, and restart services. Also describes the commands that change the property values of services. | How to Manage IKE and IPsec Services |
| Set up a secure virtual private network (VPN). | Sets up IPsec between two systems that are separated by the Internet. | Protecting a VPN With IPsec (Task Map) |