Alternate Tunnel Addresses for IKEv2

Document Type Expired Internet-Draft (individual)
Last updated 2010-04-22
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


IKEv2 is a protocol for setting up Virtual Private Network (VPN) tunnels from a remote location to a gateway so that the VPN client can access services in the network behind the gateway. Currently the IKE SAs and tunnel mode Ipsec SA's are created implicitly between the IP addresses that are used when the IKE_SA is established. These IP addresses are then used as the outer (tunnel header) addresses for tunnel mode IPSEC packets (transport mode IPsec SAs are beyond the scope of this document). This document defines an IKEv2 extension that allows the outer tunnel header addresses for the tunnel mode IPSEC packets to be different than the IKE peer IP addresses.


Jitender Arora (
Prashant Kumar (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)