2.1 Transport

Authenticated Internet Protocol messages are transported over the Internet Security Association and Key Management Protocol (ISAKMP) as specified in [RFC2408], which, by default, uses UDP port 500. If a NAT has been detected, the Authenticated Internet Protocol runs over ports 500 and 4500, as specified in [RFC3947] section 4.<5> However, the Authenticated Internet Protocol MAY run over a different set of ports that are mutually agreed upon by the peers.

The Authenticated Internet Protocol payload formats are specified in [RFC2408], with additions defined in section 2.2 of this document. Authenticated Internet Protocol messages have a header with a fixed format, followed by a variable number of payloads. The protocol uses the ISAKMP header format as specified in [RFC2408] section 3.1.

Unless otherwise specified, all fields are sent and encoded in network byte order.
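
The following sketch is an added example, not part of this specification: it parses the fixed 28-byte ISAKMP header laid out in [RFC2408] section 3.1, in network byte order, and rejects datagrams whose Length field disagrees with the bytes received. The names `parse_isakmp_header` and `IsakmpHeader` are hypothetical, and the 4-byte non-ESP marker expected on port 4500 is taken from RFC 3948 section 2.2, which this section does not cite.

```python
import struct
from typing import NamedTuple

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # "!" = network byte order, 28 bytes
NON_ESP_MARKER = b"\x00" * 4               # assumption: RFC 3948 s2.2, port 4500 only


class IsakmpHeader(NamedTuple):
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    major_version: int
    minor_version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int


def parse_isakmp_header(datagram: bytes, udp_port: int = 500) -> IsakmpHeader:
    """Parse the fixed header of one UDP datagram; raise ValueError if malformed."""
    if udp_port == 4500:
        # On the NAT-T port the header is preceded by four zero bytes.
        if datagram[:4] != NON_ESP_MARKER:
            raise ValueError("no non-ESP marker: not an ISAKMP message on port 4500")
        datagram = datagram[4:]
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("datagram shorter than the 28-byte ISAKMP header")
    icookie, rcookie, next_payload, version, xchg, flags, msg_id, length = \
        ISAKMP_HDR.unpack_from(datagram)
    # Length covers header plus payloads; never trust it beyond the received bytes.
    if length < ISAKMP_HDR.size or length > len(datagram):
        raise ValueError("Length field inconsistent with datagram size")
    # The version octet packs major (high nibble) and minor (low nibble).
    return IsakmpHeader(icookie, rcookie, next_payload, version >> 4,
                        version & 0x0F, xchg, flags, msg_id, length)


# Constructed sample: header only, no payloads; all field values are made up.
SAMPLE = ISAKMP_HDR.pack(bytes(range(1, 9)), bytes(8), 0, 0x10, 2, 0, 0, 28)
```

Checking Length against the datagram size before walking the payload chain keeps a receiver from reading past the buffer on a forged header.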