Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2
RFC 7791, “Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2”, is a Proposed Standard document published in March 2016 by D. Migault and V. Smyslov. The canonical text is published by the RFC Editor.
Abstract
This document considers a VPN end user establishing an IPsec Security Association (SA) with a Security Gateway using the Internet Key Exchange Protocol version 2 (IKEv2), where at least one of the peers has multiple interfaces or where the Security Gateway is a cluster with each node having its own IP address.
The protocol described allows a peer to clone an IKEv2 SA, where an additional SA is derived from an existing one. The newly created IKE SA is set without the IKEv2 authentication exchange. This IKE SA can later be assigned to another interface or moved to another cluster node.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7791 is hosted at rfc-editor.org. Available in TXT and HTML.