Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2

Document Type Expired Internet-Draft (individual)
Author Valery Smyslov 
Last updated 2020-06-19 (latest revision 2019-12-17)
Replaces draft-smyslov-ipsec-tcp-guidelines
Stream (None)
Intended RFC status (None)
Expired & archived
Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Internet Key Exchange Protocol version 2 (IKEv2) defined in [RFC7296] uses UDP transport for its messages. [RFC8229] specifies a way to encapsulate IKEv2 and ESP (Encapsulating Security Payload) messages in TCP, thus making it possible to use them in network environments that block UDP traffic. However, some nuances of using TCP in IKEv2 are not covered by that specification. This document provides clarifications and implementation guidelines for [RFC8229].


Valery Smyslov (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)