1.7 Versioning and Capability Negotiation

  • Article

This section covers versioning issues in the following areas:

  • Protocol Versions: The protocol version is part of the ISAKMP header. IKEv1 uses protocol version 1.0, as specified in [RFC2408] section 3.1. IKEv2 uses protocol version 2.0, as specified in [RFC4306] section 3.1.

  • Security and Authentication Methods: IKE supports multiple authentication and encryption algorithms for both the MM SAs and QM SAs, as specified in [RFC2408] section 5.6. IKE supports the negotiation of the authentication method, the Diffie-Hellman group, and the hashing and authentication algorithm using [RFC2409], [GSS], or [RFC3972].<4>

  • Cryptographic Parameters: Cryptographic parameters are negotiated in different phases of the protocol (that is, initial exchange, MM, and quick mode, as specified in [RFC2409] section 5). Details about algorithm and parameter numbers are specified in [IANAIPSEC] and [IANAISAKMP].<5>

  • Capability Negotiation: IKE can advertise specific capabilities through vendor ID payloads, as specified in [RFC2408] section 3.16.<6>