RFC 5996 - Internet Key Exchange Protocol Version 2 (IKEv2)

Authors: C. Kaufman (Microsoft), P. Hoffman (VPN Consortium), Y. Nir (Check Point), P. Eronen (Independent)
Date: September 2010
Status: Standards Track
Obsoletes: RFC 4306, RFC 4718

Abstract

This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document replaces and updates RFC 4306, and includes all of the clarifications from RFC 4718.

Contents

• 1. Introduction
  • 1.1. Usage Scenarios
    • 1.1.1. Security Gateway to Security Gateway in Tunnel Mode
    • 1.1.2. Endpoint-to-Endpoint Transport Mode
    • 1.1.3. Endpoint to Security Gateway in Tunnel Mode
    • 1.1.4. Other Scenarios
  • 1.2. The Initial Exchanges
  • 1.3. The CREATE_CHILD_SA Exchange
    • 1.3.1. Creating New Child SAs
    • 1.3.2. Rekeying IKE SAs
    • 1.3.3. Rekeying Child SAs
  • 1.4. The INFORMATIONAL Exchange
    • 1.4.1. Deleting an SA
  • 1.5. Informational Messages outside of an IKE SA
  • 1.6. Requirements Terminology
  • 1.7. Significant Differences from RFC 4306
• 2. IKE Protocol Details and Variations
  • 2.1. Use of Retransmission Timers
  • 2.2. Use of Sequence Numbers for Message ID
  • 2.3. Window Size for Overlapping Requests
  • 2.4. State Synchronization and Connection Timeouts
  • 2.5. Version Numbers and Forward Compatibility
  • 2.6. IKE SA SPIs and Cookies
  • 2.7. Cryptographic Algorithm Negotiation
  • 2.8. Rekeying
  • 2.9. Traffic Selector Negotiation
  • 2.10. Nonces
  • 2.11. Address and Port Agility
  • 2.12. Reuse of Diffie-Hellman Exponentials
  • 2.13. Generating Keying Material
  • 2.14. Generating Keying Material for the IKE SA
  • 2.15. Authentication of the IKE SA
  • 2.16. Extensible Authentication Protocol Methods
  • 2.17. Generating Keying Material for Child SAs
  • 2.18. Rekeying IKE SAs Using CREATE_CHILD_SA
  • 2.19. Requesting an Internal Address
  • 2.20. Requesting the Peer's Version
  • 2.21. Error Handling
  • 2.22. IPComp
  • 2.23. NAT Traversal
  • 2.24. Explicit Congestion Notification
  • 2.25. Exchange Collisions
• 3. Header and Payload Formats
  • 3.1. The IKE Header
  • 3.2. Generic Payload Header
  • 3.3. Security Association Payload
  • 3.4. Key Exchange Payload
  • 3.5. Identification Payloads
  • 3.6. Certificate Payload
  • 3.7. Certificate Request Payload
  • 3.8. Authentication Payload
  • 3.9. Nonce Payload
  • 3.10. Notify Payload
  • 3.11. Delete Payload
  • 3.12. Vendor ID Payload
  • 3.13. Traffic Selector Payload
  • 3.14. Encrypted Payload
  • 3.15. Configuration Payload
  • 3.16. Extensible Authentication Protocol Payload
• 4. Conformance Requirements
• 5. Security Considerations
  • 5.1. Traffic Selector Authorization
• 6. IANA Considerations
• 7. Acknowledgements
• 8. References
  • 8.1. Normative References
  • 8.2. Informative References
• Appendix A. Summary of Changes from IKEv1
• Appendix B. Diffie-Hellman Groups
• Appendix C. Exchanges and Payloads

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.