The ikeadm(1M), ikecert(1M), and ike.config(4) man pages contain useful procedures in their respective Examples sections.
Table 21–3 Implementing IKE Task Map
Task |
Description |
For Instructions, Go To … |
---|---|---|
Configure IKE with pre-shared keys |
Involves creating a valid IKE policy file and ike.preshared file. IPsec files are also set up before booting the system to use the IKE-generated keys. | |
Refresh pre-shared keys on a running IKE system |
Involves checking the IKE privilege level and editing the ipseckeys file with fresh keying material on communicating systems. | |
Add pre-shared keys to a running IKE system |
Involves checking the IKE privilege level and running the ikeadm command with fresh keying material on communicating systems. | |
Configure IKE with self-signed public key certificates |
Involves creating self–signed certificates with the ikecert certlocal -ks command, and adding the public key from a communicating system with the ikecert certdb command. | |
Configure IKE with a PKI Certificate Authority |
Involves sending output from the ikecert certlocal –kc command to a PKI, and installing the public key, CA, and CRL from the vendor. |
How to Configure IKE With Public Keys Signed by a Certificate Authority |
Update the CA revocation lists |
Involves installing a PKI vendor's CRL with the ikecert certrldb command. |