Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

IKEv1 Configuration File

The IKEv1 configuration file, /etc/inet/ike/config, manages the SAs for network packets that need IPsec protection according to the policies in the IPsec configuration file, /etc/inet/ipsecinit.conf.

Key management with IKE includes rules and global parameters. An IKEv1 rule identifies systems that are running another IKEv1 daemon. The rule also specifies the authentication method. Global parameters include such items as the path to an attached hardware accelerator. For examples of IKEv1 policy files, see Configuring IKEv2 With Preshared Keys. For examples and descriptions of IKEv1 policy entries, see the ike.config(4) man page.

The /etc/inet/ike/config file can include the path to a library that is implemented according to the following standard: RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki). IKEv1 uses this PKCS #11 library to access hardware for key acceleration and key storage.

The security considerations for the ike/config file are similar to the considerations for the ipsecinit.conf file. For details, see Security Considerations for ipsecinit.conf and ipsecconf.