show security group-vpn member ike security-associations

Index number of an SA. This number is an internally generated number you can use to display information about a single SA.

State of the IKE security associations:

• DOWN—SA has not been negotiated with the peer.

• UP—SA has been negotiated with the peer.

Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered.

Random number generated by the remote node and sent back to the initiator as a verification that the packets were received.

A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie's authenticity.

Negotiation method agreed on by the two IPsec endpoints, or peers, used to exchange information between themselves. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are

• main—The exchange is done with six messages. This mode or exchange type encrypts the payload, protecting the identity of the neighbor. The authentication method used is displayed: preshared keys or certificate.

• aggressive—The exchange is done with three messages. This mode or exchange type does not encrypt the payload, leaving the identity of the neighbor unprotected.

IP address of the destination peer with which the local peer communicates.

IP address of the destination peer with which the local peer communicates.

Negotiation method agreed on by the two IPsec endpoints, or peers, used to exchange information between themselves. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are

• main—The exchange is done with six messages. This mode or exchange type encrypts the payload, protecting the identity of the neighbor. The authentication method used is displayed: preshared keys or certificate.

• aggressive—The exchange is done with three messages. This mode or exchange type does not encrypt the payload, leaving the identity of the neighbor unprotected.

Method the server uses to authenticate the source of IKE messages:

• pre-shared-keys—Preshared key for encryption and decryption that both participants must have before beginning tunnel negotiations.

Address of the local peer.

Number of seconds remaining until the IKE SA expires.

Internet Key Exchange (IKE) algorithms used to encrypt and secure exchanges between the peers during the IPsec Phase 2 process:

• Authentication—Type of authentication algorithm used.

  • sha-256—Secure Hash Algorithm 256 authentication.

  • sha-384—Secure Hash Algorithm 384 authentication.

• Encryption—Type of encryption algorithm used.

  • aes-256-cbc—Advanced Encryption Standard (AES) 256-bit encryption.

  • aes-192-cbc— AES192-bit encryption

  • aes-128-cbc—AES 128-bit encryption.

• Input bytes—Number of bytes received.

• Output bytes—Number of bytes transmitted.

• Input packets—Number of packets received.

• Output packets—Number of packets transmitted.