TCP Encapsulation of IKE and IPsec Packets
draft-smyslov-ipsecme-rfc8229bis-02
| Document | Type |
Replaced Internet-Draft
(ipsecme WG)
Expired & archived
|
|
|---|---|---|---|
| Authors | Valery Smyslov , Tommy Pauly | ||
| Last updated | 2021-03-10 (Latest revision 2020-10-29) | ||
| Replaced by | RFC 9329 | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Adopted by a WG | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-ipsecme-rfc8229bis | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP. This method, referred to as "TCP encapsulation", involves sending both IKE packets for Security Association establishment and Encapsulating Security Payload (ESP) packets over a TCP connection. This method is intended to be used as a fallback option when IKE cannot be negotiated over UDP. TCP encapsulation for IKE and IPsec was defined in [RFC8229]. This document updates specification for TCP encapsulation by including additional calarifications obtained during implementation and deployment of this method. This documents makes RFC8229 obsolete.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)