Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Monitor VPN—Phase I

 

You are here: Monitor > VPN > Phase I.

Use this page to view information related to IKE security associations.

Table 1 describes the fields on the Phase I page.

Table 1: Fields on the Phase I Page

Field

Description

IKE Security Associations

Refresh Interval

Indicates the duration of time after which you want the data on the page to be refreshed.

Refresh

Click the refresh icon at the top right corner to display the fresh content.

Clear IKE SA

Clears all the IKE SA numbers on the display.

SA Index

Index number of an SA.

Remote Address

IP address of the destination peer with which the local peer communicates.

State

State of the IKE security associations:

  • DOWN—SA has not been negotiated with the peer.

  • UP—SA has been negotiated with the peer.

Initiator Cookie

Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered.

Responder Cookie

Random number generated by the remote node and sent back to the initiator as a verification that the packets were received.

Note: A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie’s authenticity.

Mode

Negotiation method agreed upon by the two IPsec endpoints, or peers, used to exchange information. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are:

  • Main—The exchange is done with six messages. This mode, or exchange type, encrypts the payload, protecting the identity of the neighbor. The authentication method used is displayed: preshared keys or certificate.

  • Aggressive—The exchange is done with three messages. This mode, or exchange type, does not encrypt the payload, leaving the identity of the neighbor unprotected.

Related Documentation