| Skip Navigation Links | |
| Exit Print View | |
|
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Securing the Network in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Using Link Protection in Virtualized Environments
2. Tuning Your Network (Tasks)
3. Web Servers and the Secure Sockets Layer Protocol
4. IP Filter in Oracle Solaris (Overview)
6. IP Security Architecture (Overview)
8. IP Security Architecture (Reference)
9. Internet Key Exchange (Overview)
Configuring IKE With Preshared Keys (Task Map)
Configuring IKE With Preshared Keys
How to Configure IKE With Preshared Keys
How to Update IKE for a New Peer System
Configuring IKE With Public Key Certificates (Task Map)
Configuring IKE With Public Key Certificates
How to Configure IKE With Self-Signed Public Key Certificates
How to Configure IKE With Certificates Signed by a CA
How to Generate and Store Public Key Certificates in Hardware
How to Handle a Certificate Revocation List
Configuring IKE for Mobile Systems (Task Map)
Configuring IKE for Mobile Systems
How to Configure IKE for Off-Site Systems
Configuring IKE to Find Attached Hardware
How to Configure IKE to Find the Sun Crypto Accelerator 6000 Board
You can view the algorithms and groups that can be used in Phase 1 IKE negotiations.
In this procedure, you determine which Diffie-Hellman groups are available for use in Phase 1 IKE exchanges. You also view the encryption and authentication algorithms that are available for IKE Phase 1 exchanges. The numeric values match the values that are specified for these algorithms by the Internet Assigned Numbers Authority (IANA).
Before You Begin
You must become an administrator who is assigned the Network IPsec Management rights profile. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
Diffie-Hellman groups set up IKE SAs.
# ikeadm dump groups Value Strength Description 1 66 ietf-ike-grp-modp-768 2 77 ietf-ike-grp-modp-1024 5 91 ietf-ike-grp-modp-1536 14 110 ietf-ike-grp-modp-2048 15 130 ietf-ike-grp-modp-3072 16 150 ietf-ike-grp-modp-4096 17 170 ietf-ike-grp-modp-6144 18 190 ietf-ike-grp-modp-8192 Completed dump of groups
You would use one of these values as the argument to the oakley_group parameter in an IKE Phase 1 transform, as in:
p1_xform
{ auth_method preshared oakley_group 15 auth_alg sha encr_alg aes }# ikeadm dump authalgs Value Name 1 md5 2 sha1 4 sha256 5 sha384 6 sha512 Completed dump of authalgs
You would use one of these names as the argument to the auth_alg parameter in an IKE Phase 1 transform, as in:
p1_xform
{ auth_method preshared oakley_group 15 auth_alg sha256 encr_alg 3des }# ikeadm dump encralgs Value Name 3 blowfish-cbc 5 3des-cbc 1 des-cbc 7 aes-cbc Completed dump of encralgs
You would use one of these names as the argument to the encr_alg parameter in an IKE Phase 1 transform, as in:
p1_xform
{ auth_method preshared oakley_group 15 auth_alg sha256 encr_alg aes }See Also
For tasks to configure IKE rules that require these values, see Configuring IKE (Task Map).
|