# cat /etc/release
Solaris 10 8/07 s10x_u4wos_12b X86
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 16 August 2007
# svcadm enable svc:/network/ipsec/policy:default
svcadm: Pattern 'svc:/network/ipsec/policy:default' doesn't match any instances
# svcs -x svc:/network/ipsec/ike:default
svcs: Pattern 'svc:/network/ipsec/ike:default' doesn't match any instances
bash-3.00# svcs -l ike
svcs: Pattern 'ike' doesn't match any instances
bash-3.00# pkginfo |grep -i cry
system SUNWcrman Encryption Kit On-Line Manual Pages
system SUNWcry Crypt Utilities
system SUNWcryr Solaris Root Crypto
system SUNWdcaf DCA Crypto Accelerator (usr)
system SUNWdcar DCA Crypto Accelerator (Root)
EVO146 SUNWlibgcrypt Libgcrypt - Cryptographic Library
EVO146 SUNWlibgcrypt-devel Libgcrypt - Cryptographic Library - developer files
What package am I missing?
SMF control for IPSEC didn't come along until Solaris 10 5/09. You would need this release (this ability is not provided by patches) in order to control ipsec via SMF:
docs.sun.com Home > Solaris 10 What's New Collection > Solaris 10 5/09 What's New > 1. What's New in the Solaris 10 5/09 Release
SMF Services for IPsec
IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services:
* svc:/network/ipsec/policy:default The policy service checks for the /etc/inet/ipsecinit.conf file and feeds the data into the IPsec Security Policy Database (SPD). The policy service must be started and its file, /etc/inet/ipsecinit.conf, must exist for boot-time IPsec policy configuration.
* svc:/network/ipsec/ike:default The ike service controls the Internet Key Exchange (IKE) daemon in iked(1M). This service controls ike in a manner similar to other daemon-controlled services like ssh or sendmail.
* svc:/network/ipsec/manual-key:default The manual-key service checks for the /etc/inet/secret/ipseckeys file and feeds the keys into the IPsec Security Association Database (SADB). Prior to SMF, the mere existence of the /etc/inet/secret/ipseckeys file was sufficient, but now the service should also be enabled to load manual IPsec keys.
* svc:/network/ipsec/ipsecalgs:default The ipsecalgs service is enabled by default and maps Solaris Cryptographic Framework algorithms to their use in IPsec. Changes enabled with ipsecalgs(1M) subsequently refresh the ipsecalgs service.
The SMF management brings all the SMF features to IPsec, for example, interface consistency, capability of restarting, and fault-tracking.