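%% You should probably cite rfc7791 instead of this I-D.
%% This entry describes revision 03 of an Internet-Draft marked "Work in Progress".
%% Per the abstract below, the cloned IKEv2 SA is created without the IKEv2
%% authentication exchange and is derived from an existing IKEv2 SA; check the
%% security considerations of the document you finally cite.
%% Title: only the acronyms are brace-protected so styles can still apply casing.
%% Authors: stored in "Last, First" form so name parsing is unambiguous.
@techreport{mglt-ipsecme-clone-ike-sa-03,
  author      = {Migault, Daniel and Smyslov, Valery},
  title       = {Clone {IKE} {SA} Extension},
  type        = {Internet-Draft},
  number      = {draft-mglt-ipsecme-clone-ike-sa-03},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2015,
  month       = jan,
  day         = 19,
  pagetotal   = 15,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/03/},
  abstract    = {This document considers a VPN End User setting a VPN with a security gateway where at least one of the peers has multiple interfaces. With the current IKEv2 protocol, the outer IP addresses of the VPN are determined by those used by IKEv2 SA. As a result using multiple interfaces requires to set up an IKEv2 SA on each interface, or on each paths if both the VPN Client and the security gateway have multiple interfaces. Setting each IKEv2 SA involves authentications which might require multiple round trips as well as activity from the VPN User and thus would delay the VPN establishment. In addition multiple authentications unnecessarily increase the load on the VPN client and the authentication infrastructure. This document presents the Clone IKE SA extension, where an additional IKEv2 SA is derived from an existing IKEv2 SA. The newly created IKEv2 SA is set without the IKEv2 authentication exchange. The newly created IKEv2 SA can later be assigned to another interface using MOBIKE protocol.},
}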