IP
Click on the red underlined text to get to the source
... SA is negotiated. In
contrast, [RFC4301] requires supporting IP as the next layer
protocol (like TCP or UDP ...
... Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE)", RFC 4023prop ...
... Kent, S., "IP Authentication Header", RFC 4302prop, December 2005. ...
... SPDs": some implementations model the tunnel mode SA as
an IP interface. In this case, an IPsec tunnel interface ...
... 2. "Specific SPDs": some implementations do not model the tunnel
mode SA as an IP interface. Traffic selection is based on
specific SPD ...
... RANGE. The starting address is zero IP address
and the end address is all zeroes for ID_IPV6 ...
... More details about UDP encapsulation of IPsec-protected IP packets
can be found in [RFC3948].
...
... crude form of mobility and in scenarios where the NAT changes the
IP addresses frequently. However, as the outer address may
change, this might introduce new security issues ...
... In particular, using manually configured tunneling is an operational
challenge with dynamic IP addresses, because both ends need to be
reconfigured if an address changes. Therefore, an easy and efficient
...
... way to re-establish the IPsec tunnel if the IP address changes would
be desirable. MOBIKE [RFC4555 ...
... endpoint discovery provides benefit only if PAD information
is chosen in such a manner that it is not IP-address specific.
...