Internet Key Exchange (IKEv2) Protocol, December 2005
- File formats:
- PROPOSED STANDARD
- RFC 2407, RFC 2408, RFC 2409
- Obsoleted by:
- RFC 5996
- Updated by:
- RFC 5282
- C. Kaufman, Ed.
- ipsec (sec)
Discuss this RFC: Send questions or comments to the mailing list [email protected]
This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations (SAs).
This version of the IKE specification combines the contents of what were previously separate documents, including Internet Security Association and Key Management Protocol (ISAKMP, RFC 2408), IKE (RFC 2409), the Internet Domain of Interpretation (DOI, RFC 2407), Network Address Translation (NAT) Traversal, Legacy authentication, and remote address acquisition.
Version 2 of IKE does not interoperate with version 1, but it has enough of the header format in common that both versions can unambiguously run over the same UDP port. [STANDARDS-TRACK]
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.