You can use preshared keys, self-signed certificates, and certificates from a certificate authority (CA) to authenticate IKE. Rules link a particular authentication method with the end points that are being protected. Therefore, you can use one or all authentication methods on a system. You can also run IKEv1 on an IKEv2 system. Typically, you run IKEv1 to protect communications with systems that do not support IKEv2. IKEv2 can also use a PKCS #11 hardware token for key and certificate storage.
After configuring IKEv2, complete the IPsec procedures in Chapter 7, Configuring IPsec, that use these IKEv2 rules to manage their keys. The following sections focus on specific IKEv2 configurations.