The procedures in this section enable you to secure traffic between two systems and to secure a web server. To protect a VPN, see Protecting a VPN With IPsec. For additional procedures to manage IPsec and to use SMF commands with IPsec and IKE, see Additional IPsec Tasks.
The following information applies to all IPsec configuration tasks:
IPsec and zones – Each system is either a global zone or an exclusive-IP zone. For more information, see IPsec and Oracle Solaris Zones.
IPsec and FIPS 140-2 mode – As the IPsec administrator, you are responsible for choosing algorithms that are FIPS 140-2 approved for Oracle Solaris. The procedures and examples in this chapter use FIPS 140-2 approved algorithms except when the algorithm "any" is specified.
IPsec and RBAC – To use roles to administer IPsec, see Chapter 3, Assigning Rights in Oracle Solaris in Securing Users and Processes in Oracle Solaris 11.4. For an example, see How to Configure a Role for Network Security.
IPsec and SCTP – You can use IPsec to protect Streams Control Transmission Protocol (SCTP) associations, but caution must be used. For more information, see IPsec and SCTP.
IPsec and Trusted Extensions labels – On systems that are configured with the Trusted Extensions feature of Oracle Solaris, labels can be added to IPsec packets. For more information, see Administration of Labeled IPsec in Trusted Extensions Configuration and Administration.
IPv4 and IPv6 addresses – The IPsec examples in this guide use IPv4 addresses. Oracle Solaris supports IPv6 addresses as well. To configure IPsec for an IPv6 network, substitute IPv6 addresses in the examples. When protecting tunnels with IPsec, you can mix IPv4 and IPv6 addresses for the inner and outer addresses. This type of a configuration enables you to tunnel IPv6 over an IPv4 network, for example.
The following task map lists procedures that set up IPsec between one or more systems. The ipsecconf(8), ipseckey(8), and ipadm(8) man pages also describe useful procedures in their respective Examples sections.