Nonce: a randomly generated number that the initiator sends. This nonce is hashed along with the other items using the agreed key and is sent back. The initiator checks the cookie including the nonce, and rejects any messages which do not have the right nonce. This helps prevent replay since no third party can predict what the randomly generated nonce is going to be.
So that being said, I can tell you that the peers exchange this nonce as an authentication method (to authenticate the remote peer).
So as an example, let's say you have an L2L tunnel and the initiator site sends the ISAKMP policies previously configured and a nonce already hashed.
That site will expect to receive a message with the same nonce; if he does not receive the right one, well, he will know this is not the right host.
As you can see it also helps for anti-replay purposes.
Do rate all the helpful posts
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
Anti-replay means that, since the secure exchange used a hashed value of the unique randomly generated nonce, a later attempt to establish a secure connection derived from having captured (like a man-in-the-middle attack with a packet sniffer) and replaying the session establishment would fail, since it would not have the (unhashed) nonce value embedded.
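A simplified model of the nonce check discussed in this thread, added here as an example and not taken from any poster or from a vendor implementation. The key, the peer identity and the message layout are constructed assumptions and do not reproduce the IKE wire format.

```python
import hashlib
import hmac
import secrets

PSK = b"constructed-demo-key"   # constructed sample key (assumption)
PEER_ID = b"peer-B"             # constructed peer identity (assumption)
NONCE_LEN = 16                  # fixed length keeps nonce || identity unambiguous


class Responder:
    def __init__(self, key, identity):
        self.key, self.identity = key, identity

    def answer(self, nonce):
        # Hash the initiator's nonce with the other items under the agreed key.
        return hmac.new(self.key, nonce + self.identity, hashlib.sha256).digest()


class Initiator:
    def __init__(self, key, peer_identity):
        self.key, self.peer_identity = key, peer_identity
        self.nonce = None

    def start(self):
        # A fresh, unpredictable nonce for every negotiation.
        self.nonce = secrets.token_bytes(NONCE_LEN)
        return self.nonce

    def verify(self, reply):
        if self.nonce is None:
            return False
        expected = hmac.new(self.key, self.nonce + self.peer_identity,
                            hashlib.sha256).digest()
        self.nonce = None  # single use: a nonce is never accepted twice
        return hmac.compare_digest(expected, reply)


def run_demo():
    initiator = Initiator(PSK, PEER_ID)
    genuine = Responder(PSK, PEER_ID)
    captured = genuine.answer(initiator.start())  # what a sniffer would record
    first = initiator.verify(captured)            # fresh reply to the current nonce
    initiator.start()                             # new negotiation, new nonce
    replayed = initiator.verify(captured)         # old reply no longer matches
    impostor = Responder(b"not-the-agreed-key", PEER_ID)
    forged = initiator.verify(impostor.answer(initiator.start()))
    return first, replayed, forged


if __name__ == "__main__":
    print(run_demo())
```

The captured reply is only valid for the nonce it was computed over, so the replay fails without the initiator having to remember past sessions, and a peer without the agreed key fails even with the correct nonce.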