Securing the Network in Oracle® Solaris 11.3

Updated: April 2019

Configuring IKEv2

You can use preshared keys, self-signed certificates, and certificates from a certificate authority (CA) to authenticate IKE. Rules link a particular authentication method with the endpoints that are being protected. Therefore, you can use one or all authentication methods on a system. You can also run IKEv1 on an IKEv2 system. Typically, you run IKEv1 to protect communications with systems that do not support IKEv2. IKEv2 can also use a PKCS #11 hardware token for key and certificate storage.

Note - These tasks assume that the systems are assigned static IP addresses and are running the network configuration profile DefaultFixed. If the netadm list command returns Automatic, see the netcfg(1M) man page for more information.

After configuring IKEv2, complete the IPsec procedures in Configuring IPsec that use these IKEv2 rules to manage their keys. The following sections focus on specific IKEv2 configurations.