System Administration Guide: IP Services
Previous Next

Configuring IKE (Task Map)

You can use preshared keys, self-signed certificates, and certificates from a Certificate Authority (CA) to authenticate IKE. A rule links the particular IKE authentication method with the end points that are being protected. Therefore, you can use one or all IKE authentication methods on a system. A pointer to a PKCS #11 library enables certificates to use an attached hardware accelerator.

After configuring IKE, complete the IPsec task that uses the IKE configuration. The following table refers you to task maps that focus on a specific IKE configuration.

Task

Description

For Instructions

Configure IKE with preshared keys

Protects communications between two systems by having the systems share a secret key.

Configuring IKE With Preshared Keys (Task Map)

Configure IKE with public key certificates

Protects communications with public key certificates. The certificates can be self-signed, or they can be vouched for by a PKI organization.

Configuring IKE With Public Key Certificates (Task Map)

Cross a NAT boundary

Configures IPsec and IKE to communicate with a mobile system

Configuring IKE for Mobile Systems (Task Map)

Configure IKE to generate and store public key certificates on attached hardware

Enables a Sun Crypto Accelerator 1000 board or a Sun Crypto Accelerator 4000 board to accelerate IKE operations. Also enables the Sun Crypto Accelerator 4000 board to store public key certificates.

Configuring IKE to Find Attached Hardware (Task Map)

Tune Phase 1 key negotiation parameters

Changes the timing of IKE key negotiations.

Changing IKE Transmission Parameters (Task Map)

Previous Next