Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Monitor VPN Phase I

You are here: Monitor > Statistics > Phase I.

Use this page to view information related to IKE security associations.

Table 1 describes the fields on the Phase I page.

Table 1: Fields on the Phase I Page
Field	Description
IKE Security Associations
Refresh Interval (sec)	Indicates the duration of time after which you want the data on the page to be refreshed.
Refresh	Click the refresh icon at the upper-right corner to display the fresh content.
Clear IKE SA	Clears all the IKE SA numbers on the display.
SA Index	Index number of a SA.
Remote Address	IP address of the destination peer with which the local peer communicates.
State	State of the IKE security associations: DOWN—SA has not been negotiated with the peer. UP—SA has been negotiated with the peer.
Initiator Cookie	Random number, called a cookie, which is sent to the remote node when the IKE negotiation is triggered.
Responder Cookie	Random number generated by the remote node and sent back to the initiator as a verification that the packets were received. Note: A cookie is aimed at protecting the computing resources from attack without spending excessive CPU resources to determine the cookie’s authenticity.
Mode	Negotiation method agreed upon by the two IPsec endpoints, or peers, used to exchange information. Each exchange type determines the number of messages and the payload types that are contained in each message. The modes, or exchange types, are: Main—The exchange is done with six messages. This mode, or exchange type, encrypts the payload, protecting the identity of the neighbor. The authentication method used is displayed: preshared keys or certificate. Aggressive—The exchange is done with three messages. This mode, or exchange type, does not encrypt the payload, leaving the identity of the neighbor unprotected.