Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2

Document Type: Replaced Internet-Draft (individual)
Last updated: 2018-09-07
Replaced by: draft-smyslov-ipsecme-tcp-guidelines
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG
IESG state: Replaced by draft-smyslov-ipsecme-tcp-guidelines
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Internet Key Exchange Protocol version 2 (IKEv2) defined in [RFC7296] uses UDP transport for its messages. [RFC8229] specifies a way to encapsulate IKEv2 and ESP (Encapsulating Security Payload) messages in TCP, thus making it possible to use them in network environments that block UDP traffic. However, some nuances of using TCP in IKEv2 are not covered by that specification. This document provides clarifications and implementation guidelines for [RFC8229].


Valery Smyslov (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)