The IP Security feature in AIX is separately installable and loadable. The file sets that need to be installed are as follows:
The bos.crypto-priv file set is located on the Expansion Pack. For IKE digital signature support, you must also install the gskit.rte fileset (AIX Version 4) or gskkm.rte (AIX 5.1) from the Expansion Pack.
After it is installed, IP Security can be separately loaded for IP Version 4 and IP Version 6, either by using the recommended procedure provided in Loading IP Security or by using the mkdev command.
Attention: Loading IP Security enables the filtering function. Before loading, it is important to ensure the correct filter rules are created. Otherwise, all outside communication might be blocked.
Use SMIT or Web-based System Manager to automatically load the IP security modules when IP Security is started. Also, SMIT and Web-based System Manager ensure that the kernel extensions and IKE daemons are loaded in the correct order.
If the loading completes successfully, the lsdev command shows the IP Security devices as Available.
lsdev -C -c ipsec ipsec_v4 Available IP Version 4 Security Extension ipsec_v6 Available IP Version 6 Security Extension
After the IP Security kernel extension has been loaded, tunnels and filters are ready to be configured.