Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

IKEv1 ikeadm Command

    You can use the ikeadm command to do the following:

  • View aspects of the IKE state

  • Change the properties of the IKE daemon

  • Display statistics on SA creation during the Phase 1 exchange

  • Debug IKE protocol exchanges

  • Display IKE daemon objects, such as all Phase 1 SAs, policy rules, preshared keys, available Diffie-Hellman groups, Phase 1 encryption and authentication algorithms, and the certificate cache

For examples and a full description of this command's options, see the ikeadm(1M) man page.

The privilege level of the running IKE daemon determines which aspects of the IKE daemon can be viewed and modified. Three levels of privilege are possible:

base level

You cannot view or modify keys. The base level is the default level of privilege.

keymat level

You can view the actual keys with the ikeadm command.

modkeys level

You can remove, change, and add preshared keys.

For a temporary privilege change, you can use the ikeadm command. For a permanent change, change the admin_privilege property of the ike service. For the temporary privilege change, see Managing the Running IKE Daemons.

The security considerations for the ikeadm command are similar to the considerations for the ipseckey command. See Security Considerations for ipseckey. For details that are specific to the ikeadm command, see the ikeadm(1M) man page.