openSolaris 2008 - Configuring IKE (Task Map) - System Administration Guide: IP Services

Configuring IKE (Task Map)

You can use preshared keys, self-signed certificates, and certificates from a Certificate Authority (CA) to authenticate IKE. A rule links the particular IKE authentication method with the end points that are being protected. Therefore, you can use one or all IKE authentication methods on a system. A pointer to a PKCS #11 library enables certificates to use an attached hardware accelerator.

After configuring IKE, complete the IPsec task that uses the IKE configuration. The following table refers you to task maps that focus on a specific IKE configuration.

Task	Description	For Instructions
Configure IKE with preshared keys	Protects communications between two systems by having the systems share a secret key.	Configuring IKE With Preshared Keys (Task Map)
Configure IKE with public key certificates	Protects communications with public key certificates. The certificates can be self-signed, or they can be vouched for by a PKI organization.	Configuring IKE With Public Key Certificates (Task Map)
Cross a NAT boundary	Configures IPsec and IKE to communicate with a mobile system	Configuring IKE for Mobile Systems (Task Map)
Configure IKE to generate and store public key certificates on attached hardware	Enables a Sun Crypto Accelerator 1000 board or a Sun Crypto Accelerator 4000 board to accelerate IKE operations. Also enables the Sun Crypto Accelerator 4000 board to store public key certificates.	Configuring IKE to Find Attached Hardware (Task Map)
Tune Phase 1 key negotiation parameters	Changes the timing of IKE key negotiations.	Changing IKE Transmission Parameters (Task Map)