System Administration Guide: IP Services

IKE Administration Command

You can use the ikeadm command to do the following:

  • View aspects of the IKE daemon process.

  • Change the parameters that are passed to the IKE daemon.

  • Display statistics on SA creation during the Phase 1 exchange.

  • Debug IKE processes.

For examples and a full description of this command's options, see the ikeadm(1M) man page. The privilege level of the running IKE daemon determines which aspects of the IKE daemon can be viewed and modified. You can choose from three levels of privilege.

0x0, or base level

You can neither view nor modify keying material. The base level is the default level at which the in.iked daemon runs.

0x1, or modkeys level

You can remove, change, and add preshared keys.

0x2, or keymat level

You can view the actual keying material with the ikeadm command.
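
The following check is an added example, not part of the original guide: a POSIX shell function that reads the level reported by `ikeadm get priv` and flags a daemon that runs above the base level. The function name ike_priv_audit, its return codes, and the sample output lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Audit the in.iked privilege level as reported by `ikeadm get priv`.
# Prints "<level> <name> <finding>".
# Returns 0 for base, 1 for modkeys/keymat, 2 if no level can be read.
ike_priv_audit() {
    # Extract the 0x<hex> token only; the wording around it is not
    # relied on, because the exact output text is an assumption here.
    ike_level=$(printf '%s\n' "$1" |
        sed -n 's/.*\(0x[0-9a-fA-F][0-9a-fA-F]*\).*/\1/p' | head -n 1)
    case "$ike_level" in
        0x0) ike_name=base
             ike_finding="ok: keying material cannot be viewed or modified" ;;
        0x1) ike_name=modkeys
             ike_finding="review: preshared keys can be removed, changed, and added" ;;
        0x2) ike_name=keymat
             ike_finding="review: actual keying material can be viewed with ikeadm" ;;
        *)   # Fail closed: an unreadable level is never treated as base.
             echo "unknown: could not read a privilege level"
             return 2 ;;
    esac
    echo "$ike_level $ike_name $ike_finding"
    [ "$ike_name" = base ]
}

# Constructed sample lines standing in for `ikeadm get priv` output.
SAMPLE_BASE='Current privilege level is 0x0, base privileges enabled'
SAMPLE_KEYMAT='Current privilege level is 0x2, access to keying material enabled'

for ike_line in "$SAMPLE_BASE" "$SAMPLE_KEYMAT"; do
    ike_priv_audit "$ike_line" || true
done

# On a host that has ikeadm, audit the running daemon as well.
if command -v ikeadm >/dev/null 2>&1; then
    ike_priv_audit "$(ikeadm get priv 2>&1)"
fi
```

A nonzero return from the live check is the signal to confirm why the daemon was started above the default level.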

The security considerations for the ikeadm command are similar to the considerations for the ipseckey command. For details, see Security Considerations for ipseckey.
