For the requested stack, zero or more records are returned representing IKE security associations (phase 1 tunnels) used by IKE to negotiate IPSec security associations (phase 2 tunnels) for the given TCP/IP stack. The results are similar to the NMsec_GET_IKETUN request, except that cascaded phase 2 tunnel information is also included in the response. Each phase 2 IP tunnel associated with the given phase 1 IKE tunnel is reported in the result record. Each record contains the following sections:

• One section, NMsecIKETunnel, describes attributes of the IKE SA. The layout of this section is described in NMsec_GET_IKETUN.
• One section, NMsecIKETunStats, describes various counters and statistics for the IKE tunnel. The layout of this section is described in Table 2.
• One variable-length section contains the contents of the local identity used to negotiate the IKE tunnel.
• One variable-length section contains the contents of the remote identity used to negotiate the IKE tunnel.
• One or zero cascaded record containers with a set of dynamic IPSec tunnel records, identified by a single cascading record descriptor in the record header. The records in this section describe the basic tunnel properties of each IPSec security association associated with this IKE tunnel. The format of these cascaded records is described in NMsec_GET_IPTUNDYNIKE.