TCP Encapsulation of IKE and IPsec Packets
draft-smyslov-ipsecme-rfc8229bis-02

Document Type Replaced Internet-Draft (ipsecme WG)
Authors Valery Smyslov  , Tommy Pauly 
Last updated 2021-03-10 (latest revision 2020-10-29)
Replaced by draft-ietf-ipsecme-rfc8229bis
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized bibtex
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-ipsecme-rfc8229bis
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-smyslov-ipsecme-rfc8229bis-02.txt

Abstract

This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP. This method, referred to as "TCP encapsulation", involves sending both IKE packets for Security Association establishment and Encapsulating Security Payload (ESP) packets over a TCP connection. This method is intended to be used as a fallback option when IKE cannot be negotiated over UDP. TCP encapsulation for IKE and IPsec was defined in [RFC8229]. This document updates specification for TCP encapsulation by including additional calarifications obtained during implementation and deployment of this method. This documents makes RFC8229 obsolete.

Authors

Valery Smyslov (svan@elvis.ru)
Tommy Pauly (tpauly@apple.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)