Since 11.0R6, SR OS supports IKEv2 remote-access tunnel, the difference between a remote-access tunnel and LAN-to-LAN tunnel is remote-access tunnel allows client to request an internal address (and other attributes like DNS address) via IKEv2 configuration payload. The SR OS supports IKEv2 remote-access tunnel with following features:
authentication methods:
pre-shared-key with RADIUS (psk-radius) or without RADIUS (psk)
certificate with RADIUS (cert-radius) or without RADIUS (cert)
EAP/EAP-Only with RADIUS
internal address assignment via IKEv2 configuration payload
address assignment support:
RADIUS server based
local address assignment
RADIUS accounting to report address usage
RADIUS disconnect message to remove tunnel
NAT-Traversal support
support MC-IPsec
The SR OS only supports address assignments in first CHILD_SA negotiation.