RFC 4891:Using IPsec to Secure IPv6-in-IPv4 Tunnel...
RFC-Ref

6 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - X

IKEv2

Click on the red underlined text to get to the source

4. IKE and IPsec Versions
... IKEv1 in this document) and is now superseded by [RFC4306] (called IKEv2; see also [RFC4718]). There are several differences between them. The differences relevant to ...
... 2. [RFC4301] assumes IKEv2, as some of the new features cannot be negotiated using IKEv1. It is valid ...
... SA in [RFC4301]. This is possible only with IKEv2. If IKEv1 is used, then multiple SAs ...
... security architecture. IKEv2 supports features useful for configuring and securing tunnels not present with IKEv1 ...
... IKEv1. 1. IKEv2 supports legacy authentication methods by carrying them in ...
... password. 2. IKEv2 supports dynamic address configuration, which may be used to configure the IPv6 address ...
... architectures, but the negotiation is integrated with IKEv2. For the purposes of this document, where the confidentiality ...


5. IPsec Configuration Details
... IPV4-TEP2, and protocol value 41 as phase 2 identities. With IKEv2, the traffic selectors are used to carry the same information. ...
... RFC4306]. This is defined in [RFC4301] and hence relevant only when used with IKEv2. As there is currently no defined way to discover the PAD ...
... o The Identity of the peer asserted in the IKEv2 exchange: Many different types of identities can be used. At least, the IPv4 address of the peer should be supported. ...
... IPv4 address of the peer should be supported. o IKEv2 can authenticate the peer by several methods. Pre-shared key ...


6. Recommendations
... attacker to recover the keys. IKEv1 or IKEv2 must be used for establishing the IPsec SAs ...
... establishing the IPsec SAs. IKEv2 should be used where supported and available; if not, IKEv1 may be used instead. ...


7. Security Considerations
... Either IKEv1 or IKEv2 provides a secure signaling protocol for establishing, maintaining, and deleting an IPsec ...
... The NAT traversal mechanism provided by IKEv2 introduces some weaknesses into IKE and IPsec ...


10. References
... Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306prop, December 2005. ...
... Eronen, P., "IKEv2 Mobility and Multihoming Protocol (MOBIKE)", RFC 4555prop ...
... Eronen, P. and P. Hoffman, "IKEv2 Clarifications and Implementation Guidelines", RFC 4718, October 2006. ...


11. Appendix A. Using Tunnel Mode
... IPV6-EP1 and IPV6-TEP2 as phase 2 identities. With IKEv2, the traffic selectors are used to carry the same information. ...
... IPV6_ADDR_SUBNET. With IKEv2, the traffic selectors are used to carry the same information. ...


12. Appendix B. Optional Features
... With the exchange of protected configuration payloads, IKEv2 is able to provide the IKEv2 peer with Dynamic Host Configuration Protocol ...
... payloads, IKEv2 is able to provide the IKEv2 peer with Dynamic Host Configuration Protocol (DHCP ...
... payloads. These configuration payloads are exchanged between the IKEv2 initiator and responder. ...
... RFC3715]. IKEv2 can detect the presence of a NAT automatically by sending NAT ...
... be desirable. MOBIKE [RFC4555] provides a solution when IKEv2 is used, but it only supports tunnel mode. ...
... The IKEv2 initiator needs to know the address of the IKEv2 ...
... IKEv2 initiator needs to know the address of the IKEv2 responder to start ...
... responder to start IKEv2 signaling. A number of ways can be used to provide the initiator ...

6 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - X

Google
Web
RFC-Ref
RFC-Ref.org
Frontpage
Global Index
RFC
Sister Sites
Chess-Ref.org
Law-Ref.org
InChI.info
Zvon.org