{"draft":"draft-mglt-ipsecme-clone-ike-sa-09","doc_id":"RFC7791","title":"Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2 (IKEv2)","authors":["D. Migault, Ed.","V. Smyslov"],"format":["ASCII","HTML"],"page_count":"14","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IETF - NON WORKING GROUP","abstract":"This document considers a VPN end user establishing an IPsec Security\r\nAssociation (SA) with a Security Gateway using the Internet Key\r\nExchange Protocol version 2 (IKEv2), where at least one of the peers\r\nhas multiple interfaces or where Security Gateway is a cluster with\r\neach node having its own IP address.\r\n\r\nThe protocol described allows a peer to clone an IKEv2 SA, where an\r\nadditional SA is derived from an existing one.  The newly created IKE\r\nSA is set without the IKEv2 authentication exchange.  This IKE SA can\r\nlater be assigned to another interface or moved to another cluster\r\nnode.","pub_date":"March 2016","keywords":["MIF","Load balancing","Load sharing","MOBIKE"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7791","errata_url":null}