Internet Key Exchange (IKEv2) Protocol (RFC4306)

IP.com Disclosure Number: IPCOM000132540D
Original Publication Date: 2005-Dec-01
Included in the Prior Art Database: 2005-Dec-21

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Kaufman: AUTHOR [+2]

Abstract

This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations (SAs).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group                                    C. Kaufman, Ed.
Request for Comments: 4306                                     Microsoft
Obsoletes: 2407, 2408, 2409                                December 2005
Category: Standards Track


                 Internet Key Exchange (IKEv2) Protocol

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes version 2 of the Internet Key Exchange (IKE)
   protocol.  IKE is a component of IPsec used for performing mutual
   authentication and establishing and maintaining security associations
   (SAs).

   This version of the IKE specification combines the contents of what
   were previously separate documents, including Internet Security
   Association and Key Management Protocol (ISAKMP, RFC 2408), IKE (RFC
   2409), the Internet Domain of Interpretation (DOI, RFC 2407), Network
   Address Translation (NAT) Traversal, Legacy authentication, and
   remote address acquisition.

   Version 2 of IKE does not interoperate with version 1, but it has
   enough of the header format in common that both versions can
   unambiguously run over the same UDP port.



Table of Contents

   1. Introduction
      1.1. Usage Scenarios
      1.2. The Initial Exchanges
      1.3. The CREATE_CHILD_SA Exchange
      1.4. The INFORMATIONAL Exchange
      1.5. Informational Messages outside of an IKE_SA
   2. IKE Protocol Details and Variations
      2.1. Use of Retransmission Timers
      2.2. Use of Sequence Numbers for Message ID
      2.3. Window Size for Overlapping Requests
      2.4. State Synchronization and Connection Timeouts
      2.5. Version Numbers and Forward Compatibility
      2.6. Cookies
      2.7. Cryptographic Algorithm Negotiation...