IKE Administration Command
You can use the ikeadm command to do the following:
View aspects of the IKE daemon process.
Change the parameters that are passed to the IKE daemon.
Display statistics on SA creation during the Phase 1 exchange.
Debug IKE processes.
For examples and a full description of this command's options, see the
ikeadm(1M) man page. The privilege level of the running IKE daemon determines which
aspects of the IKE daemon can be viewed and modified. You can
choose from three levels of privilege.
- 0x0, or base level
You cannot view nor modify keying material. The base level is the default level at which the in.iked daemon runs.
- 0x1, or modkeys level
You can remove, change, and add preshared keys.
- 0x2, or keymat level
You can view the actual keying material with the ikeadm command.
The security considerations for the ikeadm command are similar to the considerations for
the ipseckey command. For details, see Security Considerations for ipseckey.