Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

IKEv2 Configuration File

The IKEv2 configuration file, /etc/inet/ike/ikev2.config, manages the rules that are used to negotiate the keys for the specified network endpoints that are being protected in the IPsec policy file, /etc/inet/ipsecinit.conf.

Key management with IKE includes rules and global parameters. An IKE rule identifies the systems or networks that the keying material secures. The rule also specifies the authentication method. Global parameters include such items as the default amount of time before an IKEv2 SA is rekeyed, ikesa_lifetime_secs. For examples of IKEv2 configuration files, see Configuring IKEv2 With Preshared Keys. For examples and descriptions of IKEv2 policy entries, see the ikev2.config(4) man page.

The IPsec SAs that IKEv2 supports protect the IP packets according to the policies in the IPsec configuration file, /etc/inet/ipsecinit.conf.

The security considerations for the ike/ikev2.config file are similar to the considerations for the ipsecinit.conf file. For details, see Security Considerations for ipsecinit.conf and ipsecconf.