A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : KEEP_OLD_IKE_SA Extension
Author(s) : Daniel Migault
Filename : draft-mglt-ipsecme-keep-old-ike-sa-00.txt
Pages : 14
Date : 2013-07-05
Abstract:
This document considers a VPN Client setting a VPN with a security
gateway where at least one of the peer has multiple interfaces.
With the current IKEv2, the outer IP addresses of the VPN are
determined by those used by IKEv2 channel. As a result using
multiple interface requires to set an IKEv2 channel on each
interface, and then on each paths if both the VPN Client and the
security gateway have multiple interfaces. Setting multiple IKEv2
channel involves multiple authentications which MAY each require
multiple round trips and delay the VPN establishment. In addition
multiple authentications unnecessarily load the VPN client and the
authentication infrastructure.
This document presents the KEEP_OLD_IKE_SA extension, where an
additional IKEv2 channel from an already authenticated IKEv2 channel.
The newly created IKEv2 channel is set without the IKEv2
authentication exchange. The newly created IKEv2 channel can then be
assigned to another interface using MOBIKE.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-keep-old-ike-sa
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-mglt-ipsecme-keep-old-ike-sa-00
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
