Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA.

To get to this view
  • In the Windows Firewall with Advanced Security MMC snap-in, expand Monitoring, expand Security Associations, and then click Main Mode.

The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list.

Main mode SA information

You can add, remove, reorder, and sort by these columns in the Results pane:

  • Local Address: The local computer IP address.

  • Remote Address: The remote computer or peer IP address.

  • 1st Authentication Method: The authentication method used to create the SA.

  • 1st Authentication Local ID: The authenticated identity of the local computer used in first authentication.

  • 1st Authentication Remote ID: The authenticated identity of the remote computer used in first authentication.

  • 2nd Authentication Method: The authentication method used in the SA.

  • 2nd Authentication Local ID: The authenticated identity of the local computer used in second authentication.

  • 2nd Authentication Remote ID: The authenticated identity of the remote computer used in second authentication.

  • Encryption: The encryption method used by the SA to secure quick mode key exchanges.

  • Integrity: The data integrity method used by the SA to secure quick mode key exchanges.

  • Key Exchange: The Diffie-Hellman group used to create the main mode SA.
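As an added example (not part of the original documentation), the PowerShell below shows one way to review the protection-suite columns listed above for weak settings. The SA records are constructed sample data whose property names are modeled on the column names, and the lists of weak algorithms are an assumed policy baseline, not values from this page.

```powershell
# Constructed sample records; property names mirror the columns on this page.
# On a live system the NetSecurity module's Get-NetIPsecMainModeSA returns the
# same SAs; its property names differ, so inspect them with Get-Member first.
$sampleSas = @(
    [pscustomobject]@{ LocalAddress = '10.0.0.5'; RemoteAddress = '10.0.0.20'
        FirstAuthMethod = 'Kerberos'; Encryption = 'AES-128'
        Integrity = 'SHA1'; KeyExchange = 'DH2' }
    [pscustomobject]@{ LocalAddress = '10.0.0.5'; RemoteAddress = '10.0.0.31'
        FirstAuthMethod = 'Computer certificate'; Encryption = 'AES-256'
        Integrity = 'SHA-256'; KeyExchange = 'DH14' }
    [pscustomobject]@{ LocalAddress = '10.0.0.5'; RemoteAddress = '10.0.0.44'
        FirstAuthMethod = 'Preshared key'; Encryption = 'DES'
        Integrity = 'MD5'; KeyExchange = 'DH1' }
)

# Assumed baseline for this example; adjust to your organization's policy.
$weakEncryption  = 'DES', '3DES'
$weakIntegrity   = 'MD5', 'SHA1'
$weakKeyExchange = 'DH1', 'DH2'
$weakAuthMethod  = 'Preshared key'

function Get-WeakMainModeSa {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Sa
    )
    process {
        # Collect every column value that falls below the baseline.
        $findings = @()
        if ($Sa.Encryption -in $weakEncryption)       { $findings += "Encryption=$($Sa.Encryption)" }
        if ($Sa.Integrity -in $weakIntegrity)         { $findings += "Integrity=$($Sa.Integrity)" }
        if ($Sa.KeyExchange -in $weakKeyExchange)     { $findings += "KeyExchange=$($Sa.KeyExchange)" }
        if ($Sa.FirstAuthMethod -in $weakAuthMethod)  { $findings += "Auth=$($Sa.FirstAuthMethod)" }

        # Emit one result per SA that has at least one finding.
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                RemoteAddress = $Sa.RemoteAddress
                FindingCount  = $findings.Count
                Findings      = $findings -join ', '
            }
        }
    }
}

# Two of the three sample SAs are reported (10.0.0.20 and 10.0.0.44).
$sampleSas | Get-WeakMainModeSa | Sort-Object FindingCount -Descending | Format-Table -AutoSize
```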

Any user account can be used to complete this procedure.

To add, remove, or reorder a column
  1. Right-click in a blank area in the Results pane for the Main Mode folder, select View, and then click Add/Remove Columns.

  2. In the Add/Remove Columns dialog box, from the Available columns list, select the column you want to view, and then click Add. You can select only one column name at a time.

  3. To remove a column that you do not want to view, select it in the Displayed columns list, and then click Remove. You can select only one column name at a time.

  4. To reorder the columns, from left to right, select a column in the Displayed columns list, and then click Move Up or Move Down. You can select only one column name at a time.

  5. When you are finished, click OK. The view will change to reflect your preferences.
