Display IKE Phase 1 Security Association

Use the following procedure to view the IKE Phase 1 security association.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click IKE.
  3. Click the SA tab.

IKE SA field descriptions

Use the data in the following table to use the IKE > SA tab.

Name

Description

Id

Specifies the profile ID.

LocalIfIndex

Specifies the Interface Index of the local address. Only port and vlan interfaces are supported.

LocalAddrType

Specifies whether the local address is an IPv4 or IPv6 address.

LocalAddr

Specifies the address of the local peer.

RemoteAddrType

Specifies whether the remote address is an IPv4 or IPv6 address.

RemoteAddr

Specifies the address of the remote peer.

Name

Specifies the name given to the SA.

AuthenticationMethod

Specifies the proposed authentication method for the Phase 1 security association.

The default authentication method is pre-shared key.

DPDTimeout

Specifies the Dead Peer Detection timeout in seconds.

HashAlgorithm

Specifies the hash algorithm negotiated for this IKE Phase 1 SA.

EncryptionAlgorithm

Specifies the encryption algorithm negotiated for this IKE Phase 1 SA.

EncryptKeyLen

Specifies the encryption key length negotiated for this IKE Phase 1 SA.

DHGroup

Specifies the Diffie-Hellman group negotiated for this IKE Phase 1 SA.

ExchangeMode

Specifies the IKE Phase 1 SA mode.

LifetimeSeconds

Specifies the amount of time for which an IKE Phase 1 SA can remain valid during IKE Phase 1 negotiation. A value of 0 means no the SA always remains valid.

Status

Specifies whether the SA is active or inactive.

Initiator

Specifies whether specifies the whether the SA is created by an initiator or a responder.