If you add IPsec policy entries to a working configuration between the same peers, you need to refresh the IPsec policy service. You do not need to reconfigure or restart IKEv1.
If you add a new peer to the IPsec policy, in addition to the IPsec changes, you must modify the IKEv1 configuration.
Before You Begin
You have updated the ipsecinit.conf file and refreshed IPsec policy for the peer systems.
You must become an administrator who is assigned the Network IPsec Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
If you administer remotely, see Example 19, Configuring IPsec Policy Remotely by Using an ssh Connection and How to Remotely Administer ZFS With Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.4 for secure remote login instructions.
    ### ike/config file on host1, 192.0.2.16
    ...
    ## The rule to communicate with host3
    {label "host1-to-host3"
     local_addr 192.0.2.16
     remote_addr 192.0.2.7
     p1_xform
     {auth_method preshared oakley_group 14 auth_alg sha256 encr_alg aes}
     p2_pfs 14
    }

    ### ike/config file on host3, 192.0.2.7
    ## The rule to communicate with host1
    {label "host3-to-host1"
     local_addr 192.0.2.7
     remote_addr 192.0.2.16
     p1_xform
     {auth_method preshared oakley_group 14 auth_alg sha256 encr_alg aes}
     p2_pfs 14
    }

    ## ike.preshared on host1 for the host3 interface
    ##
    { localidtype IP
      localid 192.0.2.16
      remoteidtype IP
      remoteid 192.0.2.7
      # host1 and host3's shared hex key
      key "2b823670b5aa1a..."
    }

    ## ike.preshared on host3 for the host1 interface
    ##
    { localidtype IP
      localid 192.0.2.7
      remoteidtype IP
      remoteid 192.0.2.16
      # host3 and host1's shared hex key
      key "2b823670b5aa1a..."
    }

    # svcadm refresh ike:default
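The two ike.preshared entries above must mirror each other: the local and remote IDs are swapped and the key is the same on both systems. The following check is an added example, not part of the Oracle documentation or tooling; the function names and the sample key are constructed for illustration, and the parser handles only the entry layout shown on this page.

```python
import re

# Constructed sample entries in the ike.preshared layout shown above.
# The hex key is a made-up placeholder, not a key from the page.
HOST1 = '''
{ localidtype IP
  localid 192.0.2.16
  remoteidtype IP
  remoteid 192.0.2.7
  # host1 and host3's shared hex key
  key "00112233445566778899aabbccddeeff"
}
'''
HOST3 = '''
{ localidtype IP
  localid 192.0.2.7
  remoteidtype IP
  remoteid 192.0.2.16
  key "00112233445566778899aabbccddeeff"
}
'''

def parse_preshared(text):
    """Return one dict per { ... } entry, mapping keyword -> value."""
    text = re.sub(r'#.*', '', text)  # drop comments up to end of line
    entries = []
    for body in re.findall(r'\{([^{}]*)\}', text):
        tokens = re.findall(r'"[^"]*"|\S+', body)
        entries.append({k: v.strip('"') for k, v in zip(tokens[::2], tokens[1::2])})
    return entries

SWAPPED = {"localid": "remoteid", "remoteid": "localid",
           "localidtype": "remoteidtype", "remoteidtype": "localidtype"}

def mirror_problems(local, peer):
    """List the reasons two entries do not describe the same peer pair."""
    problems = [f"{mine} does not match the peer's {theirs}"
                for mine, theirs in SWAPPED.items()
                if local.get(mine) != peer.get(theirs)]
    key = local.get("key", "")
    if not re.fullmatch(r'[0-9a-fA-F]+', key):
        problems.append("key is missing or not hex")
    if key.lower() != peer.get("key", "").lower():
        problems.append("key differs between peers")  # never print the key itself
    return problems

if __name__ == "__main__":
    a, b = parse_preshared(HOST1)[0], parse_preshared(HOST3)[0]
    print(mirror_problems(a, b) or "entries mirror each other")
```

Run it against copies of both peers' entries before refreshing the ike service; the report names the mismatched field but never echoes key material.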
Next Steps
If you have not completed establishing IPsec policy, return to the IPsec procedure to enable or refresh IPsec policy. For examples of IPsec policy protecting VPNs, see Protecting a VPN With IPsec. For other examples of IPsec policy, see How to Secure Network Traffic Between Two Servers With IPsec.