IKEv2

IKEv2, defined in RFC 4306, Internet Key Exchange (IKEv2) Protocol, is the second version of the Internet Key Exchange Protocol. The main driver of IKEv2 is to simplify and optimize IKEv1. An IKE_SA and a CHILD_SA can be created with only four IKEv2 message exchanges. IKEv2 is supported with the following features:

• static LAN-to-LAN tunnel

• dynamic LAN-to-LAN tunnel

• remote-access tunnel

• pre-shared-key authentication, certificate authentication, EAP (remote-access tunnel only)

• liveness check

• IKE_SA rekey

• CHILD_SA rekey (full Traffic-Selector support including protocol and port range)

• extended ESP sequence number