John wants to analyze the Main Mode IPSec statistics on a member server running Windows Server 2003. The server is accessed frequently by a number of clients. Which of the following should he do to export statistical information for future analysis?
Explanation
Answer - B - To export this statistical information for future analysis, John should type netsh ipsec dynamic show stats type=ike>File- Name.txt at the command line.
Key Takeaway: In an IPSec VPN, IKE phase 1 occurs in two modes, main mode and aggressive mode. Main mode has three two-way exchanges between the initiator and the receiver. At the first exchange, the algorithms and hashes used to secure the IKE communications are agreed upon in matching IKE SAs in each peer.
At the second exchange, it uses a Diffie-Hellman exchange to generate shared secret keying material used to generate shared secret keys. In the third exchange, it verifies the other side's identity. The main outcome of main mode is matching IKE SAs between peers to provide a protected pipe for exchanges between the IKE peers.
