RFC4301 Security Architecture

IKEv2 supersedes IKEv1 as the key/SA management protocol.

Security Protocol

Per RFC4301, IPsec implementations MUST support ESP and MAY support AH. There is no NAT-T support for AH.

IPsec inter-operability with L2TPv2

If an SC (responder) changes its IP address (e.g., for load-balancing), the SC MUST send a StopCCN according to RFC3193, section 4. A new IKE_SA and CHILD_SA are established by deleting the previous SA.

Hubs & Spokes