Appendix C. Exchanges and Payloads (交換とペイロード)
Appendix C. Exchanges and Payloads (交換とペイロード)
本付録は IKEv2 の交換の簡潔な要約と, どのメッセージにどのペイロードが現れ得るかを示します. 本付録は参考情報のみです. 本文と矛盾する場合は, 本文が正しいとみなされます.
Vendor ID (ベンダ ID, V) ペイロードは任意のメッセージの任意の位置に含めてよいものとします. ここに示す順序は, 最も論理的な配置です.
C.1. IKE_SA_INIT 交換
要求 --> [N(COOKIE),]
SA, KE, Ni,
[N(NAT_DETECTION_SOURCE_IP)+,
N(NAT_DETECTION_DESTINATION_IP),]
[V+][N+]
通常の応答 <-- SA, KE, Nr,
(cookie なし) [N(NAT_DETECTION_SOURCE_IP),
N(NAT_DETECTION_DESTINATION_IP),]
[[N(HTTP_CERT_LOOKUP_SUPPORTED),] CERTREQ+,]
[V+][N+]
cookie 応答 <-- N(COOKIE),
[V+][N+]
異なる <-- N(INVALID_KE_PAYLOAD),
Diffie-Hellman 群が [V+][N+]
必要
C.2. EAP なしの IKE_AUTH 交換
要求 --> IDi, [CERT+,]
[N(INITIAL_CONTACT),]
[[N(HTTP_CERT_LOOKUP_SUPPORTED),] CERTREQ+,]
[IDr,]
AUTH,
[CP(CFG_REQUEST),]
[N(IPCOMP_SUPPORTED)+,]
[N(USE_TRANSPORT_MODE),]
[N(ESP_TFC_PADDING_NOT_SUPPORTED),]
[N(NON_FIRST_FRAGMENTS_ALSO),]
SA, TSi, TSr,
[V+][N+]
応答 <-- IDr, [CERT+,]
AUTH,
[CP(CFG_REPLY),]
[N(IPCOMP_SUPPORTED),]
[N(USE_TRANSPORT_MODE),]
[N(ESP_TFC_PADDING_NOT_SUPPORTED),]
[N(NON_FIRST_FRAGMENTS_ALSO),]
SA, TSi, TSr,
[N(ADDITIONAL_TS_POSSIBLE),]
[V+][N+]
Child SA 作成エラー <-- IDr, [CERT+,]
AUTH,
N(error),
[V+][N+]
C.3. EAP ありの IKE_AUTH 交換
最初の要求 --> IDi,
[N(INITIAL_CONTACT),]
[[N(HTTP_CERT_LOOKUP_SUPPORTED),] CERTREQ+,]
[IDr,]
[CP(CFG_REQUEST),]
[N(IPCOMP_SUPPORTED)+,]
[N(USE_TRANSPORT_MODE),]
[N(ESP_TFC_PADDING_NOT_SUPPORTED),]
[N(NON_FIRST_FRAGMENTS_ALSO),]
SA, TSi, TSr,
[V+][N+]
最初の応答 <-- IDr, [CERT+,] AUTH,
EAP,
[V+][N+]
/ --> EAP
1..N 回繰り返し |
\ <-- EAP
最後の要求 --> AUTH
最後の応答 <-- AUTH,
[CP(CFG_REPLY),]
[N(IPCOMP_SUPPORTED),]
[N(USE_TRANSPORT_MODE),]
[N(ESP_TFC_PADDING_NOT_SUPPORTED),]
[N(NON_FIRST_FRAGMENTS_ALSO),]
SA, TSi, TSr,
[N(ADDITIONAL_TS_POSSIBLE),]
[V+][N+]
C.4. Child SA の作成または再鍵化のための CREATE_CHILD_SA 交換
要求 --> [N(REKEY_SA),]
[CP(CFG_REQUEST),]
[N(IPCOMP_SUPPORTED)+,]
[N(USE_TRANSPORT_MODE),]
[N(ESP_TFC_PADDING_NOT_SUPPORTED),]
[N(NON_FIRST_FRAGMENTS_ALSO),]
SA, Ni, [KEi,] TSi, TSr,
[V+][N+]
通常の <-- [CP(CFG_REPLY),]
応答 [N(IPCOMP_SUPPORTED),]
[N(USE_TRANSPORT_MODE),]
[N(ESP_TFC_PADDING_NOT_SUPPORTED),]
[N(NON_FIRST_FRAGMENTS_ALSO),]
SA, Nr, [KEr,] TSi, TSr,
[N(ADDITIONAL_TS_POSSIBLE),]
[V+][N+]
エラー時 <-- N(error)
異なる <-- N(INVALID_KE_PAYLOAD),
Diffie-Hellman 群が [V+][N+]
必要
C.5. IKE SA の再鍵化のための CREATE_CHILD_SA 交換
要求 --> SA, Ni, KEi,
[V+][N+]
応答 <-- SA, Nr, KEr,
[V+][N+]
C.6. INFORMATIONAL 交換
要求 --> [N+,]
[D+,]
[CP(CFG_REQUEST)]
応答 <-- [N+,]
[D+,]
[CP(CFG_REPLY)]