{"draft":"draft-ietf-ipsecme-tcp-encaps-10","doc_id":"RFC8229","title":"TCP Encapsulation of IKE and IPsec Packets","authors":["T. Pauly","S. Touati","R. Mantha"],"format":["ASCII","HTML"],"page_count":"25","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IP Security Maintenance and Extensions","abstract":"This document describes a method to transport Internet Key Exchange\r\nProtocol (IKE) and IPsec packets over a TCP connection for traversing\r\nnetwork middleboxes that may block IKE negotiation over UDP.  This\r\nmethod, referred to as \"TCP encapsulation\", involves sending both IKE\r\npackets for Security Association establishment and Encapsulating\r\nSecurity Payload (ESP) packets over a TCP connection.  This method is\r\nintended to be used as a fallback option when IKE cannot be\r\nnegotiated over UDP.","pub_date":"August 2017","keywords":["IKE","IKEv2","IPsec","TCP"],"obsoletes":[],"obsoleted_by":["RFC9329"],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8229","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc8229"}