{"draft":"draft-ietf-ipsecme-rfc8229bis-09","doc_id":"RFC9329","title":"TCP Encapsulation of Internet Key Exchange Protocol (IKE) and IPsec Packets","authors":["T. Pauly","V. Smyslov"],"format":["HTML","TEXT","PDF","XML"],"page_count":"30","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IP Security Maintenance and Extensions","abstract":"This document describes a method to transport Internet Key Exchange\r\nProtocol (IKE) and IPsec packets over a TCP connection for traversing\r\nnetwork middleboxes that may block IKE negotiation over UDP. This\r\nmethod, referred to as \"TCP encapsulation\", involves sending both IKE\r\npackets for Security Association (SA) establishment and Encapsulating\r\nSecurity Payload (ESP) packets over a TCP connection. This method is\r\nintended to be used as a fallback option when IKE cannot be\r\nnegotiated over UDP. \r\n\r\nTCP encapsulation for IKE and IPsec was defined in RFC 8229. This\r\ndocument clarifies the specification for TCP encapsulation by\r\nincluding additional clarifications obtained during implementation\r\nand deployment of this method. This document obsoletes RFC 8229.","pub_date":"November 2022","keywords":["IKE","IKEv2","IPsec","TCP"],"obsoletes":["RFC8229"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9329","errata_url":null}