Example—Check That the Pre-Shared Keys are Identical (IPsec and IKE Administration Guide)

IPsec and IKE Administration Guide

Previous: Implementing IKE Task Map
Next: How to Refresh Existing Pre-Shared Keys

Example—Check That the Pre-Shared Keys are Identical

If the pre-shared keys on the communicating systems are not identical, you get the following error message:

# rup system2
system2: RPC: Rpcbind failure

To view the pre-shared key, the in.iked daemon must be running at privilege level 0x2. On each system, use the ikeadm command to dump the pre-shared key information:

# /usr/sbin/ikeadm get priv
Current privilege level is 0x2, access to keying material enabled
# ikeadm dump preshared
PSKEY: Pre-shared key (24 bytes): f47cb…/192
LOCIP: AF_INET: port 0, 192.168.116.16 (enigma).
REMIP: AF_INET: port 0, 192.168.13.213 (partym).

Compare the two dumps. If the pre-shared keys are not identical, replace one key with the other key in the /etc/inet/secret/ike.preshared file.

Previous: Implementing IKE Task Map
Next: How to Refresh Existing Pre-Shared Keys