42-17
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 42 Viewing Router Information
VPN Status
IKE SAs
This group displays the following statistics about each active IKE security
association configured on the router:
• Source IP column
The IP address of the peer originating the IKE SA.
• Destination IP column
The IP address of the remote IKE peer.
• State column
Describes the current state of IKE negotiations. The following states are
possible:
–
MM_NO_STATE—The Internet Security Association and Key
Management Protocol (ISAKMP) SA has been created but nothing else
has happened yet.
–
MM_SA_SETUP—The peers have agreed on parameters for the
ISAKMP SA.
–
MM_KEY_EXCH—The peers have exchanged Diffie-Hellman public
keys and have generated a shared secret. The ISAKMP SA remains
unauthenticated.
–
MM_KEY_AUTH—The ISAKMP SA has been authenticated. If the
router initiated this exchange, this state transitions immediately to
QM_IDLE and a Quick mode exchange begins.
–
AG_NO_STATE—The ISAKMP SA has been created but nothing else
has happened yet.
–
AG_INIT_EXCH—The peers have done the first exchange in Aggressive
mode but the SA is not authenticated.
–
AG_AUTH—The ISAKMP SA has been authenticated. If the router
initiated this exchange, this state transitions immediately to QM_IDLE
and a Quick mode exchange begins.
–
QM_IDLE—The ISAKMP SA is idle. It remains authenticated with its
peer and may be used for subsequent Quick mode exchanges.
• Update button—Click this button to refresh the IKE SA table and display the
most current data from the router.