42-17
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter42 Viewing Router Information
VPN Status
IKE SAs
This group displays the following statistics about each active IKE security
association configured on the router:
Source IP column
The IP address of the peer originating the IKE SA.
Destination IP column
The IP address of the remote IKE peer.
State column
Describes the current state of IKE negotiations. The following states are
possible:
MM_NO_STATE—The Internet Security Association and Key
Management Protocol (ISAKMP) SA has been created but nothing else
has happened yet.
MM_SA_SETUP—The peers have agreed on parameters for the
ISAKMP SA.
MM_KEY_EXCH—The peers have exchanged Diffie-Hellman public
keys and have generated a shared secret. The ISAKMP S A remains
unauthenticated.
MM_KEY_AUTH—The ISAKMP SA has been authenticated. If the
router initiated this exchange, this state transitions immediately to
QM_IDLE and a Quick mode exchange begins.
AG_NO_STATE—The ISAKMP SA has been created but nothing else
has happened yet.
AG_INIT_EXCH—The peers have done the first exchange in Aggressive
mode but the SA is not authenticated.
AG_AUTH—The ISAKMP SA has been authenticated. If the router
initiated this exchange, this state transitions immediately to QM_IDLE
and a Quick mode exchange begins.
QM_IDLE—The ISAKMP SA is idle. It remains authenticated with its
peer and may be used for subsequent Quick mode exchang es.
Update button—Click this button to refresh the IKE SA table and display the
most current data from the router.