IPsec, IKEv2 PaC AP DHCPv4 Server PAA EP(AR) | Link-layer | | | | | association| | | | |<---------->| | | | | | | | | | DHCPv4 | | | |<-----------+------------>| | | | | | | | |PANA(Discovery and initial handshake phase | | & PAR-PAN exchange in authentication phase) | |<-----------+-------------------------->| | | | | | | | |Authorization| | | |[IKE-PSK, | | | | PaC-DI, | | | | Session-Id] | | | |------------>| | | | | |PANA(PBR-PBA exchange in authentication phase) | |<-----------+-------------------------->| | | | | | | | IKE | | | (with Configuration Payload exchange or equivalent) | |<-----------+---------------------------------------->| | | | | | | | | IPv4: IPsec-TOA=PRPA (dhcp) IPsec-TIA=POPA (IKE) Alternative: RFC 3456 IPv6: IPsec-TOA= PRPA (link-local) IPsec-TIA= POPA (IKE) |