Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Monitor VPN Phase I

You are here: Monitor > Statistics > Phase I.

Use this page to view information related to IKE security associations.

Table 1 describes the fields on the Phase I page.

Table 1: Fields on the Phase I Page



IKE Security Associations

Refresh Interval (sec)

Indicates the duration of time after which you want the data on the page to be refreshed.


Click the refresh icon at the upper-right corner to display the fresh content.

Clear IKE SA

Clears all the IKE SA numbers on the display.

SA Index

Index number of a SA.

Remote Address

IP address of the destination peer with which the local peer communicates.


State of the IKE security associations:

  • DOWN—SA has not been negotiated with the peer.

  • UP—SA has been negotiated with the peer.

Initiator Cookie

Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered.

Responder Cookie

Random number generated by the remote node and sent back to the initiator as a verification that the packets were received.


A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie’s authenticity.


Negotiation method agreed upon by the two IPsec endpoints, or peers, used to exchange information. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are:

  • Main—The exchange is done with six messages. This mode, or exchange type, encrypts the payload, protecting the identity of the neighbor. The authentication method used is displayed: preshared keys or certificate.

  • Aggressive—The exchange is done with three messages. This mode, or exchange type, does not encrypt the payload, leaving the identity of the neighbor unprotected.