I know my last few posts have focused on either how IPSec functions or how to configure it. So now that we know how to configure IPSec, how can we make sure our IPSec VPN is up, functional, and passing traffic? There are a few different commands we can issue to check on the status of our IPSec VPN:

This command will tell us the status of our negotiations. Here are some of the common ISAKMP SA statuses:

The following four states are found in IKE main mode:

MM_NO_STATE* – ISAKMP SA process has started but has not continued to form (typically due to a connectivity issue with the peer).

MM_SA_SETUP* – Both peers agree on ISAKMP SA parameters and will move along the process.

MM_KEY_EXCH* – Both peers exchange their DH keys and are generating their secret keys.

MM_KEY_AUTH* – ISAKMP SAs have been authenticated in main mode and will proceed to QM_IDLE immediately. (This state could also mean there is a mismatched authentication type or PSK, if it does not proceed to the next step.)

The following three states are found in IKE aggressive mode:

AG_NO_STATE** – ISAKMP SA process has started but has not continued to form (typically due to a connectivity issue with the peer).

AG_INIT_EXCH** – Peers have exchanged their first set of packets in aggressive mode, but have not authenticated yet.

AG_AUTH** – ISAKMP SAs have been authenticated in aggressive mode and will proceed to QM_IDLE immediately.

The following state is found in IKE quick mode, phase 2:

QM_IDLE*** – The ISAKMP SA is idle and authenticated.
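The state descriptions above can be turned into a quick triage check over a saved SA listing. This is an added example, not code from the original post; the `triage` function, the sample rows and the dst/src/state/conn-id/status column layout (as Cisco IOS prints for `show crypto isakmp sa`) are assumptions.

```python
import re

# State -> (negotiation mode, meaning), taken from the descriptions on this page.
STATES = {
    "MM_NO_STATE":  ("main", "SA has not continued to form; check connectivity to the peer"),
    "MM_SA_SETUP":  ("main", "peers agreed on ISAKMP SA parameters"),
    "MM_KEY_EXCH":  ("main", "DH keys exchanged, secret keys being generated"),
    "MM_KEY_AUTH":  ("main", "authenticated; if it stays here, check authentication type and PSK"),
    "AG_NO_STATE":  ("aggressive", "SA has not continued to form; check connectivity to the peer"),
    "AG_INIT_EXCH": ("aggressive", "first packets exchanged, not authenticated yet"),
    "AG_AUTH":      ("aggressive", "authenticated, proceeds to QM_IDLE"),
    "QM_IDLE":      ("quick", "ISAKMP SA is idle and authenticated"),
}

# Constructed sample listing (documentation IP ranges); the column layout is assumed.
SAMPLE = """\
dst             src             state          conn-id status
203.0.113.10    198.51.100.1    QM_IDLE           1001 ACTIVE
203.0.113.20    198.51.100.1    MM_NO_STATE          0 ACTIVE
203.0.113.30    198.51.100.1    MM_KEY_AUTH       1003 ACTIVE
203.0.113.40    198.51.100.1    XX_UNKNOWN        1004 ACTIVE
"""

# An SA row: dst, src, an upper-case underscore-separated state, numeric conn-id, status.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+(?:_[A-Z]+)+)\s+(\d+)\s+(\S+)")

def triage(output):
    """Return (dst, state, verdict, note) for every SA row found in the listing."""
    results = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or anything that is not an SA row
        dst, _src, state, _conn_id, _status = m.groups()
        if state not in STATES:
            results.append((dst, state, "unknown", "state not described on this page"))
            continue
        mode, note = STATES[state]
        # Only QM_IDLE means phase 1 finished; a single snapshot cannot tell
        # "still negotiating" from "stuck", so the note says what to check.
        verdict = "established" if state == "QM_IDLE" else "in progress"
        results.append((dst, state, verdict, f"{mode} mode: {note}"))
    return results

if __name__ == "__main__":
    for dst, state, verdict, note in triage(SAMPLE):
        print(f"{dst:<15} {state:<13} {verdict:<12} {note}")
```

Running it against two listings taken a few seconds apart shows which peers remain in the same non-QM_IDLE state and therefore need the check named in the note.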