Quick mode (phase 2) SA states with commit-bit support
Figure 1 shows interpreting Quick mode (phase 2) SA states with commit-bit support.
The following state descriptions apply to the Communications
Server IKE daemon when acting as the initiator or responder of a Quick
mode (phase 2) SA negotiation with commit-bit support (Figure 1). These states are shown in the
state field of the ipsec -y display -b command
output. See Quick mode with commit bit for a description
of the contents of the messages.
- The INIT state on the initiator side indicates that message 2 has not yet been received.
- The INIT state on the responder side indicates that the responder has not yet sent message 2.
- A phase 1 SA must be established between the initiator and responder before the initiator can send message 1 of Quick mode. The PENDING state indicates that the initiator is waiting for a phase 1 negotiation to complete with the responder. For more information, see Interpreting IKEv1 daemon phase 1 SA states. After the phase 1 negotiation completes, message 1 of Quick mode can be sent.
- The KEP state on the initiator side indicates that message 2 has been received.
- The KEP state on the responder side indicates that message 2 has been sent.
- The NOTIFY state indicates that the initiator has sent message 3 and is waiting for message 4.
- The DONE state on the initiator side indicates that message 4 has been received.
- The DONE state on the responder side indicates that message 4 has been sent.