Which of the following indicates that aggressive mode ISAKMP peers have created SAs? (Select the best answer.)
- MM_NO_STATEC. AG_AUTH
Of the available choices, the AG_NO_STATE state is most likely to indicate that aggressive mode Internet
Security Association and Key Management Protocol (ISAKMP) peers have created security associations (SAs). The show crypto isakmp sa command displays the status of current IKE SAs on the router. The following states are used during aggressive mode:
– AG_NO_STATE – The peers have created the SA.
– AG_INIT_EXCH – The peers have negotiated SA parameters and exchanged keys.
– AG_AUTH – The peers have authenticated the SA.
The MM_NO_STATE state is the first transaction to occur when setting up Internet Key Exchange (IKE) SAs in main mode MM_NO_STATE indicates that the ISAKMP peers have created their SAs. However, an exchange that does not move past this stage indicates that main mode has failed. The following states are used during main mode:
– MM_NO_STATE – The peers have created the SA.
– MM_SA_SETUP – The peers have negotiated SA parameters.
– MM_KEY_EXCH – The peers have exchanged DiffieHellman (DH) keys and have generated a shared secret.
– MM_KEY_AUTH – The peers have authenticated the SA.
Quick mode is used during IKE phase 2. The only state in quick mode is QM_IDLE, which indicates that IKE phase 1 has completed successfully and that there is an active IKE SA between peers.