Login or Register to Ask a Question and Join Our Community


Solaris BigAdmin RSS

Solaris IPSec with preshared keys

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Solaris BigAdmin RSS Solaris IPSec with preshared keys
# 1  
Old 10-26-2009
Solaris IPSec with preshared keys
This document describes the process to implement transport mode ipsec configuration using the following steps: * assign ipsec policy (ipsecinit.conf) * configure Internet Key Exchange (IKE) daemon (in.iked) (config) * setup preshared key secret (ike.preshared)

More...
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Cybersecurity

IPSEC

hello, after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration! I also generate different key for AH and ESP as i have shown below. what is my problem and what should i do to have ping and test the configuration? code: ... (0 Replies)
Discussion started by: elinaz
0 Replies

2. UNIX for Advanced & Expert Users

Ipsec implementation

How can i implement Ipsec between two machines in linux_ ubuntu? any link?? suggestion?? (0 Replies)
Discussion started by: elinaz
0 Replies

3. Red Hat

SSH Keys between RHEL 5 and Solaris 10

Hi all Has anyone ever successfully set up ssh key pairs for "passwordless" logins between rhel and Solaris? I've set it up many times before between Solaris systems but i'm having difficulty doing between the two OS's in question. What I have done so far is append the contents of the rhel... (30 Replies)
Discussion started by: notreallyhere
30 Replies

4. Solaris

Connecting Solaris 10 to Cisco PIX with IPsec tunnel

I having problem connecting to a Cisco PIX Log from IKE # /usr/lib/inet/in.iked -f /etc/inet/ike/config -d Jan 16 00:40:57: 2012 (+0800) *** in.iked started *** Jan 16 00:40:57: Loading configuration... Jan 16 00:40:57: Checking lifetimes in "nullrule" Jan 16 00:40:57: Using default value... (0 Replies)
Discussion started by: conandor
0 Replies

5. BSD

Problem on IPSec

Hi, this is my first post...:p Hello Admin :) Can I have an ask for something with my configuration ? I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely. I have a simulation with a local design topology with two PC's (FreeBSD ... (0 Replies)
Discussion started by: aulia
0 Replies

6. Solaris

Clients for Solaris IPSEC tunnel

Hi all, I'm running solaris x86_64 as a home server and am quite happy with it. Currently I'm working with Solaris 10 and 11 express. Typically I tunnel traffic to it via ssh with port forwards, but I'm interested in using the built in IPSEC features that Solaris has. I've setup a solaris... (1 Reply)
Discussion started by: vectox
1 Replies

7. Solaris

Solaris 10 IPSec peformance

Hi, does anyone have an experience how many IPSec tunnels Solaris 10 is able manage. A rough estimation would be great. I know it's hardly dependent on the hardware used, so if anyone says on a 490 with 2 CPUs and 4GB RAM a maximum of 1000 IPSec tunnels is possible, that would be great. I... (1 Reply)
Discussion started by: blombo
1 Replies

8. UNIX for Dummies Questions & Answers

arrow keys / special keys

how to use the arrow keys in shell scripting. is there any special synatax / command for this. i just want to use the arrow keys for navigation. replies appreciated raguram R (3 Replies)
Discussion started by: raguramtgr
3 Replies
Login or Register to Ask a Question

LEARN ABOUT V7

in.iked

in.iked(1M)						  System Administration Commands					       in.iked(1M)

NAME

       in.iked - daemon for the Internet Key Exchange (IKE)

SYNOPSIS

       /usr/lib/inet/in.iked [-d] [-f filename] [-p level]

       /usr/lib/inet/in.iked -c [-f filename]

DESCRIPTION

       in.iked performs automated key management for IPsec using the Internet Key Exchange (IKE) protocol.

       in.iked implements the following:

	 o  IKE authentication with either pre-shared keys, DSS signatures, RSA signatures, or RSA encryption.

	 o  Diffie-Hellman key derivation using either 768, 1024, or 1536-bit public key moduli.

	 o  Authentication protection with cipher choices of DES, Blowfish, or 3DES, and hash choices of either HMAC-MD5 or HMAC-SHA-1. Encryption
	    in in.iked is limited to the IKE authentication and key  exchange.	 See  ipsecesp(7P)  for  information  regarding  IPsec	protection
	    choices.

       in.iked starts at boot time if the /etc/inet/ike/config file exists. See ike.config(4) for the format of this file.

       in.iked listens for incoming IKE requests from the network and for requests for outbound traffic using the PF_KEY socket. See pf_key(7P).

       in.iked has two support programs that are used for IKE administration and diagnosis: ikeadm(1M) and ikecert(1M).

       The  SIGHUP  signal  causes  the IKE daemon to read /etc/inet/ike/config and reload the certificate database. SIGHUP is equivalent to using
       ikeadm(1M) to read the /etc/inet/ike/config file as a rule, for example:

       example# ikeadm read rule /etc/inet/ike/config

OPTIONS

       The following options are supported:

       -c	       Check the syntax of a configuration file.

       -d	       Use debug mode. The process stays attached to the controlling terminal and produces large amounts of debugging output.

       -f filename     Use filename instead of /etc/inet/ike/config. See ike.config(4) for the format of this file.

       -p level        Specify privilege level (level). This option sets how much ikeadm(1M) invocations can change or observe about  the  running
		       in.iked.

		       Valid levels are:

		       0	Base level

		       1	Access to preshared key info

		       2	Access to keying material

		       If -p is not specified, level defaults to 0.

SECURITY

       This  program  has sensitive private keying information in its image. Care should be taken with any core dumps or system dumps of a running
       in.iked daemon, as these files contain sensitive keying information. Use the  coreadm(1M)  command  to  limit  any  corefiles  produced	by
       in.iked.

FILES

       /etc/inet/ike/config

       /etc/inet/secret/ike.privatekeys/*

	   Private keys. A private key must have a matching public-key certificate with the same filename in /etc/inet/ike/publickeys/.

       /etc/inet/ike/publickeys/*

	   Public-key certificates. The names are only important with regard to matching private key names.

       /etc/inet/ike/crls/*

	   Public key certificate revocation lists.

       /etc/inet/secret/ike.preshared

	   IKE pre-shared secrets for Phase I authentication.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       coreadm(1M), ikeadm(1M), ikecert(1M), ike.config(4), attributes(5), ipsecesp(7P)

       Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE). Network Working Group. November 1998.

       Maughan,  Douglas,  Schertler,  M., Schneider, M., Turner, J. RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP).
       Network Working Group. November 1998.

       Piper, Derrell, RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP. Network Working Group. November 1998.

SunOS 5.10							    11 Jun 2003 						       in.iked(1M)