Additional Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
Starent Networks
The Internet Key Exchange (IKEv2) protocol defines a way to establish an IPsec security association between two endpoints. Normally the protocol requires a single authentication step to complete the exchange and establish the IPsec security association between the endpoints. However, there are situations where more than one authentication exchange is required, potentially with different authenticating domains. It is also possible that multiple authentication steps are performed to authenticate the endpoints for different services with different traffic selectors. This document proposes an extension to the IKEv2 protocol to achieve this goal with a single IKE SA.