PrepAway - Latest Free Exam Questions & Answers

Which of the following indicates that aggressive mode ISAKMP peers have created SAs? (Select the best
answer.)

A.
AG_NO_STATE

B.
MM_NO_STATE

C.
AG_AUTH

D.
MM_KEY_AUTH

E.
QM_IDLE

Explanation:
Of the available choices, the AG_NO_STATE state is most likely to indicate that aggressive mode Internet
Security Association and Key Management Protocol (ISAKMP) peers have created security associations (SAs).
The show crypto isakmp sa command displays the status of current IKE SAs on the router. The following states
are used during aggressive mode:
– AG_NO_STATE – The peers have created the SA.
– AG_INIT_EXCH – The peers have negotiated SA parameters and exchanged keys.
– AG_AUTH – The peers have authenticated the SA.
The MM_NO_STATE state is the first transaction to occur when setting up Internet Key Exchange (IKE) SAs in
main mode. MM_NO_STATE indicates that the ISAKMP peers have created their SAs. However, an exchange
that does not move past this stage indicates that main mode has failed. The following states are used during
main mode:
– MM_NO_STATE – The peers have created the SA.
– MM_SA_SETUP – The peers have negotiated SA parameters.
– MM_KEY_EXCH – The peers have exchanged Diffie-Hellman (DH) keys and have generated a shared secret.
– MM_KEY_AUTH – The peers have authenticated the SA.
Quick mode is used during IKE phase 2. The only state in quick mode is QM_IDLE, which indicates that IKE
phase 1 has completed successfully and that there is an active IKE SA between peers.

Cisco: Most Common DMVPN Troubleshooting Solutions
Cisco: Cisco IOS Security Command Reference: show crypto isakmp sa

