IPsec and IKE Administration Guide

Example—Securing Traffic Between IPv4 Addresses

The following example describes how to secure traffic between systems with IPv4 addresses. The example uses automatic key management (IKE) to create security associations. IKE requires less administrative intervention, and scales easily to secure a large amount of traffic.

  1. Replace the /etc/inet/ipnodes file in Step 2 of the preceding task with the /etc/hosts file, as in the following:

    On the partym system, add enigma to the /etc/hosts file:

    # echo "192.168.116.16 enigma" >> /etc/hosts

    On the enigma system, add partym to the /etc/hosts file:

    # echo "192.168.13.213 partym" >> /etc/hosts

  2. Edit the ipsecinit.conf file to add the IPsec policy entries as in Step 4.

  3. You can create keys in one of two ways:

    • Configure IKE to generate the keys automatically. IKE also refreshes the keys automatically. To configure IKE, follow one of the configuration procedures in Table 4–1. For the syntax of the IKE configuration file, see the ike.config(4) man page.

      You should configure IKE unless you have good reason to generate and maintain your keys manually.

    • If you do not activate the IKE daemon, in.iked, then you can manually create the keys, as described in Step 5 in How to Secure Traffic Between Two Systems.

  4. Reboot.

    To secure traffic without rebooting, use the ipseckey and ipsecconf commands, loading the keys before the policy:

    # ipseckey -f /etc/inet/secret/ipseckeys
    # ipsecconf -a /etc/inet/ipsecinit.conf

    Note –

    Read the warning that the ipsecconf command prints. A socket that is already in use (latched) provides an unsecured back door into the system.

  5. To verify that packets are being protected, see How to Verify That Packets are Protected.
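The echo commands in Step 1 append blindly, so running them twice leaves duplicate entries and a name that already resolves to another address is silently shadowed; because the policy in ipsecinit.conf selects traffic by the addresses these names resolve to, that mismatch would apply the policy to the wrong peer. The following is an added example, not part of the guide: a POSIX sh function (assumes awk is available) that adds a hosts entry only when it is absent and refuses a conflicting mapping.

```shell
# Added example, not from the IPsec and IKE Administration Guide.
# Usage: add_host_entry <hosts-file> <ipv4-address> <hostname>
# Returns 0 if the mapping is present afterwards (added or already there),
# 1 if the name already maps to a different address, 2 on a malformed address.

valid_ipv4() {
    # Accept only four dotted decimal octets, each in 0..255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

add_host_entry() {
    hosts=$1; addr=$2; name=$3
    valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 2; }
    [ -f "$hosts" ] || : > "$hosts"
    # Address currently bound to this name; field 1 is the address,
    # later fields are the name and its aliases, '#' starts a comment.
    existing=$(awk -v n="$name" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$hosts")
    if [ -z "$existing" ]; then
        printf '%s\t%s\n' "$addr" "$name" >> "$hosts"
        return 0
    fi
    [ "$existing" = "$addr" ] && return 0     # already present, nothing to do
    echo "conflict: $name already maps to $existing, not $addr" >&2
    return 1
}
```

On enigma, for instance, `add_host_entry /etc/hosts 192.168.13.213 partym` replaces the echo line in Step 1 and can be rerun safely.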