Last Updated on August 2, 2021 by Admin 3
Which of the following is most likely to indicate that the configured main mode ISAKMP policy does not match the policy proposed by the remote peer? (Select the best answer.)
Of the available choices, the MM_NO_STATE state is most likely to indicate that the configured main mode Internet Security Association and Key Management Protocol (ISAKMP) policy does not match the policy proposed by the remote peer. The MM_NO_STATE state is the first transaction to occur when setting up Internet Key Exchange (IKE) security associations (SAs) in main mode. The show crypto isakmp sacommand displays the status of current IKE SAs on the router. MM_NO_STATE indicates that the ISAKMP peers have created their SAs. However, an exchange that does not move past this stage indicates that main mode has failed. The following states are used during main mode:
MM_NO_STATE – The peers have created the SA.
MM_SA_SETUP – The peers have negotiated SA parameters.
MM_KEY_EXCH – The peers have exchanged DiffieHellman (DH) keys and have generated a shared secret.
MM_KEY_AUTH – The peers have authenticated the SA.
The following states are used during aggressive mode:
AG_NO_STATE – The peers have created the SA.
AG_INIT_EXCH – The peers have negotiated SA parameters and exchanged keys.
AG_AUTH – The peers have authenticated the SA.
Quick mode is used during IKE phase 2. The only state in quick mode is QM_IDLE, which indicates that IKE phase 1 has completed successfully and that there is an active IKE SA between peers.