Motorola WiNG 5.4.2 System Reference Manual page 760

13 - 134 WiNG 5.4.2 Access Point System Reference Guide
5. Review the following VPN peer security association statistics:
Peer
Local IP Address
Protocol
State
SPI In
SPI Out
Mode
Figure 13-75 Access Point - VPN IPSec screen
Lists peer IDs for peers sharing security associations (SA) for tunnel interoperability. When a
peer sees a sensitive packet, it creates a secure tunnel and sends the packet through the
tunnel to its destination.
Displays each listed peer's local tunnel end point IP address. This address represents an
alternative to an interface IP address.
Lists the security protocol used with the VPN IPSec tunnel connection. SAs are unidirectional,
existing in each direction and established per security protocol. Options include ESP and AH.
Lists the state of each listed peer's security association.
Lists stateful packet inspection (SPI) status for incoming IPSec tunnel packets. SPI tracks each
connection traversing the IPSec VPN tunnel and ensures they are valid.
Lists stateful packet inspection (SPI) status for outgoing IPSec tunnel packets. SPI tracks each
connection traversing the IPSec VPN tunnel and ensures they are valid.
Displays the IKE mode as either Main or Aggressive. IPSEC has two modes in IKEv1 for key
exchanges. Aggressive mode requires 3 messages be exchanged between the IPSEC peers to
setup the SA, Main requires 6 messages.