Guidelines for using IPsec and IKEv2

Document Type Expired Internet-Draft (individual)
Authors Lakshminath Dondeti  , Vidya Narayanan 
Last updated 2006-10-19
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


IPsec encapsulation can be used to provide a secure channel between two entities, to enforce controlled access to a network, or to provide any combination of integrity protection, confidentiality, replay protection, and traffic flow confidentiality of data being transmitted between two or more endpoints over untrusted transmission media or networks. Whereas various assortments of the protections are possible to provide, it is not always safe to use some of the combinations. Next, IPsec SAs are established either manually or using a key management protocol such as IKEv2 with entity authentication verified locally or with the assistance of a third party. This document specifies when and how to use IPsec and IKEv2 and what combinations of protections afforded by those protocols are safe and when.


Lakshminath Dondeti (
Vidya Narayanan (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)