Ike Sas - Cisco ROUTER-SDM-CD User Manual

Chapter 42 Viewing Router Information

IKE SAs

OL-4015-12
This group displays the following statistics about each active IKE security
association configured on the router:
Source IP column
•
The IP address of the peer originating the IKE SA.
Destination IP column
•
The IP address of the remote IKE peer.
State column
•
Describes the current state of IKE negotiations. The following states are
possible:
MM_NO_STATE—The Internet Security Association and Key
–
Management Protocol (ISAKMP) SA has been created but nothing else
has happened yet.
MM_SA_SETUP—The peers have agreed on parameters for the
–
ISAKMP SA.
– MM_KEY_EXCH—The peers have exchanged Diffie-Hellman public
keys and have generated a shared secret. The ISAKMP SA remains
unauthenticated.
MM_KEY_AUTH—The ISAKMP SA has been authenticated. If the
–
router initiated this exchange, this state transitions immediately to
QM_IDLE and a Quick mode exchange begins.
AG_NO_STATE—The ISAKMP SA has been created but nothing else
–
has happened yet.
AG_INIT_EXCH—The peers have done the first exchange in Aggressive
–
mode but the SA is not authenticated.
AG_AUTH—The ISAKMP SA has been authenticated. If the router
–
initiated this exchange, this state transitions immediately to QM_IDLE
and a Quick mode exchange begins.
QM_IDLE—The ISAKMP SA is idle. It remains authenticated with its
–
peer and may be used for subsequent Quick mode exchanges.
Update button—Click this button to refresh the IKE SA table and display the
•
most current data from the router.
Cisco Router and Security Device Manager 2.5 User's Guide
VPN Status
42-17