You can use preshared keys, self-signed certificates, and certificates from a certificate authority (CA) to authenticate IKE. A rule in the ike/config file links the particular IKEv1 authentication method with the IKEv1 peer. Therefore, you can use one or all IKE authentication methods on a system. A pointer to a PKCS #11 library enables IKEv1 to use an attached hardware accelerator.
After configuring IKEv1, complete the IPsec task in Chapter 7, Configuring IPsec that uses the IKEv1 configuration.