Skip to main content

TCP Encapsulation of IKE and IPsec Packets
draft-smyslov-ipsecme-rfc8229bis-02

Document Type Replaced Internet-Draft (ipsecme WG)
Expired & archived
Authors Valery Smyslov , Tommy Pauly
Last updated 2021-03-10 (Latest revision 2020-10-29)
Replaced by draft-ietf-ipsecme-rfc8229bis
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Formats
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-ipsecme-rfc8229bis
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP. This method, referred to as "TCP encapsulation", involves sending both IKE packets for Security Association establishment and Encapsulating Security Payload (ESP) packets over a TCP connection. This method is intended to be used as a fallback option when IKE cannot be negotiated over UDP. TCP encapsulation for IKE and IPsec was defined in [RFC8229]. This document updates specification for TCP encapsulation by including additional calarifications obtained during implementation and deployment of this method. This documents makes RFC8229 obsolete.

Authors

Valery Smyslov
Tommy Pauly

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)