Internet Key Exchange Version 2 (IKEv2) Parameters (original) (raw)
Created
2005-01-18
Last Updated
2025-05-23
Available Formats
XML
HTML
Plain textRegistries Included Below
- IKEv2 Exchange Types
- IKEv2 Payload Types
- Transform Type Values
- IKEv2 Transform Attribute Types
- Transform Type 1 - Encryption Algorithm Transform IDs
- Transform Type 2 - Pseudorandom Function Transform IDs
- Transform Type 3 - Integrity Algorithm Transform IDs
- Transform Type 4 - Key Exchange Method Transform IDs
- Transform Type 5 - Sequence Numbers Transform IDs
- Transform Type 13 - Key Wrap Algorithm Transform IDs
- Transform Type 14 - Group Controller Authentication Method Transform IDs
- IKEv2 Identification Payload ID Types
- IKEv2 Certificate Encodings
- IKEv2 Authentication Method
- IKEv2 Notify Message Error Types
- IKEv2 Notify Message Status Types
- IKEv2 Notification IPCOMP Transform IDs (Value 16387)
- IKEv2 Security Protocol Identifiers
- IKEv2 Traffic Selector Types
- IKEv2 Configuration Payload CFG Types
- IKEv2 Configuration Payload Attribute Types
- IKEv2 Gateway Identity Types
- ROHC Attribute Types
- IKEv2 Secure Password Methods
- IKEv2 Hash Algorithms
- IKEv2 Post-quantum Preshared Key ID Types
- GSA Attributes
- Group-wide Policy Attributes
- Group Key Bag Attributes
- Member Key Bag Attributes
IKEv2 Exchange Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
CSV| Value | Exchange Type | Reference |
|---|---|---|
| 0-33 | Reserved | [RFC7296] |
| 34 | IKE_SA_INIT | [RFC7296] |
| 35 | IKE_AUTH | [RFC7296] |
| 36 | CREATE_CHILD_SA | [RFC7296] |
| 37 | INFORMATIONAL | [RFC7296] |
| 38 | IKE_SESSION_RESUME | [RFC5723] |
| 39 | GSA_AUTH | [RFC-ietf-ipsecme-g-ikev2-21] |
| 40 | GSA_REGISTRATION | [RFC-ietf-ipsecme-g-ikev2-21] |
| 41 | GSA_REKEY | [RFC-ietf-ipsecme-g-ikev2-21] |
| 42 | GSA_INBAND_REKEY | [RFC-ietf-ipsecme-g-ikev2-21] |
| 43 | IKE_INTERMEDIATE | [RFC9242] |
| 44 | IKE_FOLLOWUP_KE | [RFC9370] |
| 45-239 | Unassigned | |
| 240-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Payload Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Value | Next Payload Type | Notation | Reference |
|---|---|---|---|
| 0 | No Next Payload | [RFC7296] | |
| 1-32 | Reserved | [RFC7296] | |
| 33 | Security Association Security Association - GM Supported Transforms | SA SAg | [RFC7296] [RFC-ietf-ipsecme-g-ikev2-21] |
| 34 | Key Exchange | KE | [RFC7296] |
| 35 | Identification - Initiator | IDi | [RFC7296] |
| 36 | Identification - Responder | IDr | [RFC7296] |
| 37 | Certificate | CERT | [RFC7296] |
| 38 | Certificate Request | CERTREQ | [RFC7296] |
| 39 | Authentication | AUTH | [RFC7296] |
| 40 | Nonce | Ni, Nr | [RFC7296] |
| 41 | Notify | N | [RFC7296] |
| 42 | Delete | D | [RFC7296] |
| 43 | Vendor ID | V | [RFC7296] |
| 44 | Traffic Selector - Initiator | TSi | [RFC7296] |
| 45 | Traffic Selector - Responder | TSr | [RFC7296] |
| 46 | Encrypted and Authenticated | SK | [RFC7296] |
| 47 | Configuration | CP | [RFC7296] |
| 48 | Extensible Authentication | EAP | [RFC7296] |
| 49 | Generic Secure Password Method | GSPM | [RFC6467] |
| 50 | Group Identification | IDg | [RFC-ietf-ipsecme-g-ikev2-21] |
| 51 | Group Security Association | GSA | [RFC-ietf-ipsecme-g-ikev2-21] |
| 52 | Key Download | KD | [RFC-ietf-ipsecme-g-ikev2-21] |
| 53 | Encrypted and Authenticated Fragment | SKF | [RFC7383] |
| 54 | Puzzle Solution | PS | [RFC8019] |
| 55-127 | Unassigned | ||
| 128-255 | Reserved for Private Use | [RFC7296] |
Transform Type Values
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
Note
"Key Exchange Method (KE)" transform type was originally named "Diffie-Hellman Group (D-H)" and was referenced by that name in a number of RFCs published prior to [RFC9370], which gave it the current title.
Note
All "Additional Key Exchange (ADDKE)" entries use the same "Transform Type 4 - Key Exchange Method Transform IDs" registry as the "Key Exchange Method (KE)" entry.
Note
"Sequence Numbers (SN)" transform type was originally named "Extended Sequence Numbers (ESN)" and was referenced by that name in a number of RFCs published prior to [RFC-ietf-ipsecme-ikev2-rename-esn-04], which gave it the current title.
Available Formats
| Type | Description | Used In | Reference |
|---|---|---|---|
| 0 | Reserved | [RFC7296] | |
| 1 | Encryption Algorithm (ENCR) | (IKE, GIKE_UPDATE, ESP) | [RFC7296][RFC-ietf-ipsecme-g-ikev2-21] |
| 2 | Pseudo-random Function (PRF) | (IKE) | [RFC7296] |
| 3 | Integrity Algorithm (INTEG) | (IKE, GIKE_UPDATE, AH, optional in ESP) | [RFC7296][RFC-ietf-ipsecme-g-ikev2-21] |
| 4 | Key Exchange Method (KE) | (IKE, optional in AH, ESP) | [RFC7296][RFC9370] |
| 5 | Sequence Numbers (SN) | (AH, ESP) | [RFC7296][RFC-ietf-ipsecme-ikev2-rename-esn-04] |
| 6 | Additional Key Exchange 1 (ADDKE1) | (optional in IKE, AH, ESP) | [RFC9370] |
| 7 | Additional Key Exchange 2 (ADDKE2) | (optional in IKE, AH, ESP) | [RFC9370] |
| 8 | Additional Key Exchange 3 (ADDKE3) | (optional in IKE, AH, ESP) | [RFC9370] |
| 9 | Additional Key Exchange 4 (ADDKE4) | (optional in IKE, AH, ESP) | [RFC9370] |
| 10 | Additional Key Exchange 5 (ADDKE5) | (optional in IKE, AH, ESP) | [RFC9370] |
| 11 | Additional Key Exchange 6 (ADDKE6) | (optional in IKE, AH, ESP) | [RFC9370] |
| 12 | Additional Key Exchange 7 (ADDKE7) | (optional in IKE, AH, ESP) | [RFC9370] |
| 13 | Key Wrap Algorithm (KWA) | (IKE, GIKE_UPDATE) | [RFC-ietf-ipsecme-g-ikev2-21] |
| 14 | Group Controller Authentication Method (GCAUTH) | (GIKE_UPDATE) | [RFC-ietf-ipsecme-g-ikev2-21] |
| 15-240 | Unassigned | ||
| 241-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Transform Attribute Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Value | Attribute Type | Format | Reference |
|---|---|---|---|
| 0-13 | Reserved | [RFC7296] | |
| 14 | Key Length (in bits) | TV | [RFC7296] |
| 15-17 | Reserved | [RFC7296] | |
| 18 | Signature Algorithm Identifier | TLV | [RFC-ietf-ipsecme-g-ikev2-21] |
| 19-16383 | Unassigned | ||
| 16384-32767 | Reserved for Private Use | [RFC7296] |
Transform Type 1 - Encryption Algorithm Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
Note
To find out requirement levels for encryption algorithms for ESP, see [RFC8221]. For IKEv2, see [RFC8247].
Available Formats
| Number | Name | Status | ESP Reference | IKEv2 Reference |
|---|---|---|---|---|
| 0 | Reserved | [RFC7296] | - | |
| 1 | ENCR_DES_IV64 | DEPRECATED [RFC9395] | UNSPECIFIED | - |
| 2 | ENCR_DES | DEPRECATED [RFC8247] | [RFC2405] | [RFC7296] |
| 3 | ENCR_3DES | [RFC2451] | [RFC7296] | |
| 4 | ENCR_RC5 | DEPRECATED [RFC9395] | [RFC2451] | [RFC7296] |
| 5 | ENCR_IDEA | DEPRECATED [RFC9395] | [RFC2451] | [RFC7296] |
| 6 | ENCR_CAST | DEPRECATED [RFC9395] | [RFC2451] | [RFC7296] |
| 7 | ENCR_BLOWFISH | DEPRECATED [RFC9395] | [RFC2451] | [RFC7296] |
| 8 | ENCR_3IDEA | DEPRECATED [RFC9395] | UNSPECIFIED | [RFC7296] |
| 9 | ENCR_DES_IV32 | DEPRECATED [RFC9395] | UNSPECIFIED | - |
| 10 | Reserved | [RFC7296] | - | |
| 11 | ENCR_NULL | [RFC2410] | Not allowed | |
| 12 | ENCR_AES_CBC | [RFC3602] | [RFC7296] | |
| 13 | ENCR_AES_CTR | [RFC3686] | [RFC5930] | |
| 14 | ENCR_AES_CCM_8 | [RFC4309] | [RFC5282] | |
| 15 | ENCR_AES_CCM_12 | [RFC4309] | [RFC5282] | |
| 16 | ENCR_AES_CCM_16 | [RFC4309] | [RFC5282] | |
| 17 | Unassigned | |||
| 18 | ENCR_AES_GCM_8 | [RFC4106] [RFC8247] | [RFC5282] [RFC8247] | |
| 19 | ENCR_AES_GCM_12 | [RFC4106] [RFC8247] | [RFC5282] [RFC8247] | |
| 20 | ENCR_AES_GCM_16 | [RFC4106] [RFC8247] | [RFC5282] [RFC8247] | |
| 21 | ENCR_NULL_AUTH_AES_GMAC | [RFC4543] | Not allowed | |
| 22 | Reserved for IEEE P1619 XTS-AES | [Matt_Ball] | - | |
| 23 | ENCR_CAMELLIA_CBC | [RFC5529] | [RFC7296] | |
| 24 | ENCR_CAMELLIA_CTR | [RFC5529] | - | |
| 25 | ENCR_CAMELLIA_CCM_8 | [RFC5529] [RFC8247] | - | |
| 26 | ENCR_CAMELLIA_CCM_12 | [RFC5529] [RFC8247] | - | |
| 27 | ENCR_CAMELLIA_CCM_16 | [RFC5529] [RFC8247] | - | |
| 28 | ENCR_CHACHA20_POLY1305 | [RFC7634] | [RFC7634] | |
| 29 | ENCR_AES_CCM_8_IIV | [RFC8750] | Not allowed | |
| 30 | ENCR_AES_GCM_16_IIV | [RFC8750] | Not allowed | |
| 31 | ENCR_CHACHA20_POLY1305_IIV | [RFC8750] | Not allowed | |
| 32 | ENCR_KUZNYECHIK_MGM_KTREE | [RFC9227] | [RFC9227] | |
| 33 | ENCR_MAGMA_MGM_KTREE | [RFC9227] | [RFC9227] | |
| 34 | ENCR_KUZNYECHIK_MGM_MAC_KTREE | [RFC9227] | Not allowed | |
| 35 | ENCR_MAGMA_MGM_MAC_KTREE | [RFC9227] | Not allowed | |
| 36-1023 | Unassigned | |||
| 1024-65535 | Reserved for Private Use | [RFC7296] | [RFC7296] |
Transform Type 2 - Pseudorandom Function Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
Note
To find out requirement levels for PRFs for IKEv2, see [RFC8247].
Available Formats
| Number | Name | Status | Reference |
|---|---|---|---|
| 0 | Reserved | [RFC7296] | |
| 1 | PRF_HMAC_MD5 | DEPRECATED [RFC8247] | [RFC2104] |
| 2 | PRF_HMAC_SHA1 | [RFC2104] | |
| 3 | PRF_HMAC_TIGER | DEPRECATED [RFC9395] | [UNSPECIFIED] |
| 4 | PRF_AES128_XCBC | [RFC4434] | |
| 5 | PRF_HMAC_SHA2_256 | [RFC4868] | |
| 6 | PRF_HMAC_SHA2_384 | [RFC4868] | |
| 7 | PRF_HMAC_SHA2_512 | [RFC4868] | |
| 8 | PRF_AES128_CMAC | [RFC4615] | |
| 9 | PRF_HMAC_STREEBOG_512 | [RFC9385] | |
| 10-1023 | Unassigned | ||
| 1024-65535 | Reserved for Private Use | [RFC7296] |
Transform Type 3 - Integrity Algorithm Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
Note
To find out requirement levels for encryption algorithms for ESP/AH, see [RFC8221]. For IKEv2, see [RFC8247].
Available Formats
| Number | Name | Status | Reference |
|---|---|---|---|
| 0 | NONE | [RFC7296] | |
| 1 | AUTH_HMAC_MD5_96 | DEPRECATED [RFC8247] | [RFC2403][RFC7296] |
| 2 | AUTH_HMAC_SHA1_96 | [RFC2404][RFC7296] | |
| 3 | AUTH_DES_MAC | DEPRECATED [RFC8247] | [UNSPECIFIED] |
| 4 | AUTH_KPDK_MD5 | DEPRECATED [RFC8247] | [UNSPECIFIED] |
| 5 | AUTH_AES_XCBC_96 | [RFC3566][RFC7296] | |
| 6 | AUTH_HMAC_MD5_128 | DEPRECATED [RFC9395] | [RFC4595] |
| 7 | AUTH_HMAC_SHA1_160 | DEPRECATED [RFC9395] | [RFC4595] |
| 8 | AUTH_AES_CMAC_96 | [RFC4494] | |
| 9 | AUTH_AES_128_GMAC | [RFC4543] | |
| 10 | AUTH_AES_192_GMAC | [RFC4543] | |
| 11 | AUTH_AES_256_GMAC | [RFC4543] | |
| 12 | AUTH_HMAC_SHA2_256_128 | [RFC4868] | |
| 13 | AUTH_HMAC_SHA2_384_192 | [RFC4868] | |
| 14 | AUTH_HMAC_SHA2_512_256 | [RFC4868] | |
| 15-1023 | Unassigned | ||
| 1024-65535 | Reserved for Private Use | [RFC7296] |
Transform Type 4 - Key Exchange Method Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296][RFC6989][RFC9370][RFC9395]
Note
This registry was originally named "Transform Type 4 - Diffie-Hellman Group Transform IDs" and was referenced using that name in a number of RFCs published prior to [RFC9370], which gave it its current title.
Note
This registry is used by the "Key Exchange Method (KE)" transform type and by all "Additional Key Exchange (ADDKE)" transform types.
Note
To find out requirement levels for key exchange methods for IKEv2, see [RFC8247].
Note
The instructions for the designated experts are described
in [RFC9370]. While adding new Key Exchange (KE) methods,
the following considerations must be applied. A key
exchange method must take exactly one round trip (one IKEv2
exchange) and at the end of this exchange, both peers must
be able to derive the shared secret. In addition, any
public value that peersexchanged during a key exchange
method must fit into asingle IKEv2 payload. If these
restrictions are not metfor a key exchange method, then
there must be documentationon how this key exchange method
is used in IKEv2.
Available Formats
| Number | Name | Status | Recipient Tests | Reference |
|---|---|---|---|---|
| 0 | NONE | [RFC7296] | ||
| 1 | 768-bit MODP Group | DEPRECATED [RFC8247] | [RFC6989], Sec. 2.1 | [RFC7296] |
| 2 | 1024-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC7296] | |
| 3-4 | Reserved | [RFC7296] | ||
| 5 | 1536-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC3526] | |
| 6-13 | Unassigned | [RFC7296] | ||
| 14 | 2048-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC3526] | |
| 15 | 3072-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC3526] | |
| 16 | 4096-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC3526] | |
| 17 | 6144-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC3526] | |
| 18 | 8192-bit MODP Group | [RFC6989], Sec. 2.1 | [RFC3526] | |
| 19 | 256-bit random ECP group | [RFC6989], Sec. 2.3 | [RFC5903] | |
| 20 | 384-bit random ECP group | [RFC6989], Sec. 2.3 | [RFC5903] | |
| 21 | 521-bit random ECP group | [RFC6989], Sec. 2.3 | [RFC5903] | |
| 22 | 1024-bit MODP Group with 160-bit Prime Order Subgroup | DEPRECATED [RFC8247] | [RFC6989], Sec. 2.2 | [RFC5114] |
| 23 | 2048-bit MODP Group with 224-bit Prime Order Subgroup | [RFC6989], Sec. 2.2 | [RFC5114] | |
| 24 | 2048-bit MODP Group with 256-bit Prime Order Subgroup | [RFC6989], Sec. 2.2 | [RFC5114] | |
| 25 | 192-bit Random ECP Group | [RFC6989], Sec. 2.3 | [RFC5114] | |
| 26 | 224-bit Random ECP Group | [RFC6989], Sec. 2.3 | [RFC5114] | |
| 27 | brainpoolP224r1 | [RFC6989], Sec. 2.3 | [RFC6954] | |
| 28 | brainpoolP256r1 | [RFC6989], Sec. 2.3 | [RFC6954] | |
| 29 | brainpoolP384r1 | [RFC6989], Sec. 2.3 | [RFC6954] | |
| 30 | brainpoolP512r1 | [RFC6989], Sec. 2.3 | [RFC6954] | |
| 31 | Curve25519 | [RFC8031], Sec. 3.2 | [RFC8031] | |
| 32 | Curve448 | [RFC8031], Sec. 3.2 | [RFC8031] | |
| 33 | GOST3410_2012_256 | [RFC9385, Sec. 6.1] | [RFC9385] | |
| 34 | GOST3410_2012_512 | [RFC9385, Sec. 6.1] | [RFC9385] | |
| 35 | ml-kem-512 | [draft-kampanakis-ml-kem-ikev2-08, Sec. 2.3] | [draft-kampanakis-ml-kem-ikev2-08] | |
| 36 | ml-kem-768 | [draft-kampanakis-ml-kem-ikev2-08, Sec. 2.3] | [draft-kampanakis-ml-kem-ikev2-08] | |
| 37 | ml-kem-1024 | [draft-kampanakis-ml-kem-ikev2-08, Sec. 2.3] | [draft-kampanakis-ml-kem-ikev2-08] | |
| 38-1023 | Unassigned | |||
| 1024-65535 | Reserved for Private Use | [RFC7296] |
Transform Type 5 - Sequence Numbers Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296][RFC-ietf-ipsecme-ikev2-rename-esn-04]
Note
This registry was originally named "Transform Type 5 - Extended Sequence Numbers Transform IDs" and was referenced using that name in a number of RFCs published prior to [RFC-ietf-ipsecme-ikev2-rename-esn-04], which gave it the current title.
Note
"32-bit Sequential Numbers" transform ID was originally named "No Extended Sequence Numbers" and was referenced by that name in a number of RFCs published prior to [RFC-ietf-ipsecme-ikev2-rename-esn-04], which gave it the current title.
Note
"Partially Transmitted 64-bit Sequential Numbers" transform ID was originally named "Extended Sequence Numbers" and was referenced by that name in a number of RFCs published prior to [RFC-ietf-ipsecme-ikev2-rename-esn-04], which gave it the current title.
Note
Numbers in the range 2-65535 were originally marked as "Reserved" referencing [RFC7296], and were re-classified as "Unassigned" and "Private Use" by [RFC-ietf-ipsecme-ikev2-rename-esn-04].
Available Formats
| Number | Name | Reference |
|---|---|---|
| 0 | 32-bit Sequential Numbers | [RFC7296][RFC-ietf-ipsecme-ikev2-rename-esn-04] |
| 1 | Partially Transmitted 64-bit Sequential Numbers | [RFC7296][RFC-ietf-ipsecme-ikev2-rename-esn-04] |
| 2 | 32-bit Unspecified Numbers | [RFC-ietf-ipsecme-g-ikev2-21] |
| 3-1023 | Unassigned | |
| 1024-65535 | Reserved for Private Use | [RFC-ietf-ipsecme-ikev2-rename-esn-04] |
Transform Type 13 - Key Wrap Algorithm Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Unassigned
Reference
Available Formats
| Value | Key Wrap Algorithm | Reference |
|---|---|---|
| 0 | Reserved | [RFC-ietf-ipsecme-g-ikev2-21] |
| 1 | KW_5649_128 | [RFC-ietf-ipsecme-g-ikev2-21] |
| 2 | KW_5649_192 | [RFC-ietf-ipsecme-g-ikev2-21] |
| 3 | KW_5649_256 | [RFC-ietf-ipsecme-g-ikev2-21] |
| 4 | KW_ARX | [RFC-ietf-ipsecme-g-ikev2-21] |
| 5-1023 | Unassigned | |
| 1024-65535 | Reserved for Private Use | [RFC-ietf-ipsecme-g-ikev2-21] |
Transform Type 14 - Group Controller Authentication Method Transform IDs
Registration Procedure(s)
Expert Review
Expert(s)
Unassigned
Reference
Available Formats
| Value | Group Controller Authentication Method | Reference |
|---|---|---|
| 0 | Reserved | [RFC-ietf-ipsecme-g-ikev2-21] |
| 1 | Implicit | [RFC-ietf-ipsecme-g-ikev2-21] |
| 2 | Digital Signature | [RFC-ietf-ipsecme-g-ikev2-21] |
| 3-1023 | Unassigned | |
| 1024-65535 | Reserved for Private Use | [RFC-ietf-ipsecme-g-ikev2-21] |
IKEv2 Identification Payload ID Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen
Reference
[RFC7296]
Available Formats
| Value | ID Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | ID_IPV4_ADDR | [RFC7296] |
| 2 | ID_FQDN | [RFC7296] |
| 3 | ID_RFC822_ADDR | [RFC7296] |
| 4 | Unassigned | [RFC7296] |
| 5 | ID_IPV6_ADDR | [RFC7296] |
| 6-8 | Unassigned | [RFC7296] |
| 9 | ID_DER_ASN1_DN | [RFC7296] |
| 10 | ID_DER_ASN1_GN | [RFC7296] |
| 11 | ID_KEY_ID | [RFC7296] |
| 12 | ID_FC_NAME | [RFC4595] |
| 13 | ID_NULL | [RFC7619] |
| 14-200 | Unassigned | |
| 201-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Certificate Encodings
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Value | Certificate Encoding | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | PKCS #7 wrapped X.509 certificate | [UNSPECIFIED] |
| 2 | PGP Certificate | [UNSPECIFIED] |
| 3 | DNS Signed Key | [UNSPECIFIED] |
| 4 | X.509 Certificate - Signature | [RFC7296] |
| 5 | Reserved | [RFC7296] |
| 6 | Kerberos Token | [UNSPECIFIED] |
| 7 | Certificate Revocation List (CRL) | [RFC7296] |
| 8 | Authority Revocation List (ARL) | [UNSPECIFIED] |
| 9 | SPKI Certificate | [UNSPECIFIED] |
| 10 | X.509 Certificate - Attribute | [UNSPECIFIED] |
| 11 | Raw RSA Key (DEPRECATED) | [RFC7296] |
| 12 | Hash and URL of X.509 certificate | [RFC7296] |
| 13 | Hash and URL of X.509 bundle | [RFC7296] |
| 14 | OCSP Content | [RFC4806] |
| 15 | Raw Public Key | [RFC7670] |
| 16-200 | Unassigned | |
| 201-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Authentication Method
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Note
To find out requirement levels for IKEv2 authentication methods, see [RFC8247].
Available Formats
| Value | Authentication Method | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | RSA Digital Signature | [RFC7296] |
| 2 | Shared Key Message Integrity Code | [RFC7296] |
| 3 | DSS Digital Signature | [RFC7296] |
| 4-8 | Unassigned | [RFC7296] |
| 9 | ECDSA with SHA-256 on the P-256 curve | [RFC4754] |
| 10 | ECDSA with SHA-384 on the P-384 curve | [RFC4754] |
| 11 | ECDSA with SHA-512 on the P-521 curve | [RFC4754] |
| 12 | Generic Secure Password Authentication Method | [RFC6467] |
| 13 | NULL Authentication | [RFC7619] |
| 14 | Digital Signature | [RFC7427] |
| 15-200 | Unassigned | |
| 201-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Notify Message Error Types
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Range | Registration Procedures |
|---|---|
| 0-8191 | Expert Review |
| 8192-16383 | Private Use |
| Value | Notify Message Error Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | UNSUPPORTED_CRITICAL_PAYLOAD | [RFC7296] |
| 2-3 | Reserved | [RFC7296] |
| 4 | INVALID_IKE_SPI | [RFC7296] |
| 5 | INVALID_MAJOR_VERSION | [RFC7296] |
| 6 | Reserved | [RFC7296] |
| 7 | INVALID_SYNTAX | [RFC7296] |
| 8 | Reserved | [RFC7296] |
| 9 | INVALID_MESSAGE_ID | [RFC7296] |
| 10 | Reserved | [RFC7296] |
| 11 | INVALID_SPI | [RFC7296] |
| 12-13 | Reserved | [RFC7296] |
| 14 | NO_PROPOSAL_CHOSEN | [RFC7296] |
| 15-16 | Reserved | [RFC7296] |
| 17 | INVALID_KE_PAYLOAD | [RFC7296] |
| 18-23 | Reserved | [RFC7296] |
| 24 | AUTHENTICATION_FAILED | [RFC7296] |
| 25-33 | RESERVED | [RFC7296] |
| 34 | SINGLE_PAIR_REQUIRED | [RFC7296] |
| 35 | NO_ADDITIONAL_SAS | [RFC7296] |
| 36 | INTERNAL_ADDRESS_FAILURE | [RFC7296] |
| 37 | FAILED_CP_REQUIRED | [RFC7296] |
| 38 | TS_UNACCEPTABLE | [RFC7296] |
| 39 | INVALID_SELECTORS | [RFC7296] |
| 40 | UNACCEPTABLE_ADDRESSES | [RFC4555] |
| 41 | UNEXPECTED_NAT_DETECTED | [RFC4555] |
| 42 | USE_ASSIGNED_HoA | [RFC5026] |
| 43 | TEMPORARY_FAILURE | [RFC7296] |
| 44 | CHILD_SA_NOT_FOUND | [RFC7296] |
| 45 | INVALID_GROUP_ID | [RFC-ietf-ipsecme-g-ikev2-21] |
| 46 | AUTHORIZATION_FAILED | [RFC-ietf-ipsecme-g-ikev2-21] |
| 47 | STATE_NOT_FOUND | [RFC9370] |
| 48 | TS_MAX_QUEUE | [RFC9611] |
| 49 | REGISTRATION_FAILED | [RFC-ietf-ipsecme-g-ikev2-21] |
| 50-8191 | Unassigned | |
| 8192-16383 | Reserved for Private Use | [RFC7296] |
IKEv2 Notify Message Status Types
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Range | Registration Procedures |
|---|---|
| 16384-40959 | Expert Review |
| 40960-65535 | Private Use |
| Value | Notify Message Status Type | Reference |
|---|---|---|
| 16384 | INITIAL_CONTACT | [RFC7296] |
| 16385 | SET_WINDOW_SIZE | [RFC7296] |
| 16386 | ADDITIONAL_TS_POSSIBLE | [RFC7296] |
| 16387 | IPCOMP_SUPPORTED | [RFC7296] |
| 16388 | NAT_DETECTION_SOURCE_IP | [RFC7296] |
| 16389 | NAT_DETECTION_DESTINATION_IP | [RFC7296] |
| 16390 | COOKIE | [RFC7296] |
| 16391 | USE_TRANSPORT_MODE | [RFC7296] |
| 16392 | HTTP_CERT_LOOKUP_SUPPORTED | [RFC7296] |
| 16393 | REKEY_SA | [RFC7296] |
| 16394 | ESP_TFC_PADDING_NOT_SUPPORTED | [RFC7296] |
| 16395 | NON_FIRST_FRAGMENTS_ALSO | [RFC7296] |
| 16396 | MOBIKE_SUPPORTED | [RFC4555] |
| 16397 | ADDITIONAL_IP4_ADDRESS | [RFC4555] |
| 16398 | ADDITIONAL_IP6_ADDRESS | [RFC4555] |
| 16399 | NO_ADDITIONAL_ADDRESSES | [RFC4555] |
| 16400 | UPDATE_SA_ADDRESSES | [RFC4555] |
| 16401 | COOKIE2 | [RFC4555] |
| 16402 | NO_NATS_ALLOWED | [RFC4555] |
| 16403 | AUTH_LIFETIME | [RFC4478] |
| 16404 | MULTIPLE_AUTH_SUPPORTED | [RFC4739] |
| 16405 | ANOTHER_AUTH_FOLLOWS | [RFC4739] |
| 16406 | REDIRECT_SUPPORTED | [RFC5685] |
| 16407 | REDIRECT | [RFC5685] |
| 16408 | REDIRECTED_FROM | [RFC5685] |
| 16409 | TICKET_LT_OPAQUE | [RFC5723] |
| 16410 | TICKET_REQUEST | [RFC5723] |
| 16411 | TICKET_ACK | [RFC5723] |
| 16412 | TICKET_NACK | [RFC5723] |
| 16413 | TICKET_OPAQUE | [RFC5723] |
| 16414 | LINK_ID | [RFC5739] |
| 16415 | USE_WESP_MODE | [RFC5840] |
| 16416 | ROHC_SUPPORTED | [RFC5857] |
| 16417 | EAP_ONLY_AUTHENTICATION | [RFC5998] |
| 16418 | CHILDLESS_IKEV2_SUPPORTED | [RFC6023] |
| 16419 | QUICK_CRASH_DETECTION | [RFC6290] |
| 16420 | IKEV2_MESSAGE_ID_SYNC_SUPPORTED | [RFC6311] |
| 16421 | IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED | [RFC6311] |
| 16422 | IKEV2_MESSAGE_ID_SYNC | [RFC6311] |
| 16423 | IPSEC_REPLAY_COUNTER_SYNC | [RFC6311] |
| 16424 | SECURE_PASSWORD_METHODS | [RFC6467] |
| 16425 | PSK_PERSIST | [RFC6631] |
| 16426 | PSK_CONFIRM | [RFC6631] |
| 16427 | ERX_SUPPORTED | [RFC6867] |
| 16428 | IFOM_CAPABILITY | [Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2] |
| 16429 | GROUP_SENDER | [RFC-ietf-ipsecme-g-ikev2-21] |
| 16430 | IKEV2_FRAGMENTATION_SUPPORTED | [RFC7383] |
| 16431 | SIGNATURE_HASH_ALGORITHMS | [RFC7427] |
| 16432 | CLONE_IKE_SA_SUPPORTED | [RFC7791] |
| 16433 | CLONE_IKE_SA | [RFC7791] |
| 16434 | PUZZLE | [RFC8019] |
| 16435 | USE_PPK | [RFC8784] |
| 16436 | PPK_IDENTITY | [RFC8784] |
| 16437 | NO_PPK_AUTH | [RFC8784] |
| 16438 | INTERMEDIATE_EXCHANGE_SUPPORTED | [RFC9242] |
| 16439 | IP4_ALLOWED | [RFC8983] |
| 16440 | IP6_ALLOWED | [RFC8983] |
| 16441 | ADDITIONAL_KEY_EXCHANGE | [RFC9370] |
| 16442 | USE_AGGFRAG | [RFC9347] |
| 16443 | SUPPORTED_AUTH_METHODS | [RFC9593] |
| 16444 | SA_RESOURCE_INFO | [RFC9611] |
| 16445 | USE_PPK_INT | [RFC-ietf-ipsecme-ikev2-qr-alt-10] |
| 16446 | PPK_IDENTITY_KEY | [RFC-ietf-ipsecme-ikev2-qr-alt-10] |
| 16447-40959 | Unassigned | |
| 40960-65535 | Reserved for Private Use | [RFC7296] |
IKEv2 Notification IPCOMP Transform IDs (Value 16387)
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Note
To find out requirement levels for IPCOMP methods, see [RFC8221].
Available Formats
| Value | Compression Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | IPCOMP_OUI | [UNSPECIFIED] |
| 2 | IPCOMP_DEFLATE | [RFC2394] |
| 3 | IPCOMP_LZS | [RFC2395] |
| 4 | IPCOMP_LZJH | [RFC3051] |
| 5-240 | Unassigned | |
| 241-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Security Protocol Identifiers
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Protocol ID | Protocol | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | IKE | [RFC7296] |
| 2 | AH | [RFC7296] |
| 3 | ESP | [RFC7296] |
| 4 | FC_ESP_HEADER | [RFC4595] |
| 5 | FC_CT_AUTHENTICATION | [RFC4595] |
| 6 | GIKE_UPDATE | [RFC-ietf-ipsecme-g-ikev2-21] |
| 7-200 | Unassigned | |
| 201-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Traffic Selector Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Value | TS Type | Reference |
|---|---|---|
| 0-6 | Reserved | [RFC7296] |
| 7 | TS_IPV4_ADDR_RANGE | [RFC7296] |
| 8 | TS_IPV6_ADDR_RANGE | [RFC7296] |
| 9 | TS_FC_ADDR_RANGE | [RFC4595] |
| 10 | TS_SECLABEL | [RFC9478] |
| 11-240 | Unassigned | |
| 241-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Configuration Payload CFG Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Available Formats
| Value | CFG Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC7296] |
| 1 | CFG_REQUEST | [RFC7296] |
| 2 | CFG_REPLY | [RFC7296] |
| 3 | CFG_SET | [RFC7296] |
| 4 | CFG_ACK | [RFC7296] |
| 5-127 | Unassigned | |
| 128-255 | Reserved for Private Use | [RFC7296] |
IKEv2 Configuration Payload Attribute Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7296]
Note
Attribute Types with an "*" may be multi-valued on return only if multiple values were requested.
Available Formats
| Value | Attribute Type | Multi-Valued | Length | Reference |
|---|---|---|---|---|
| 0 | Reserved | [RFC7296] | ||
| 1 | INTERNAL_IP4_ADDRESS | YES* | 0 or 4 octets | [RFC7296] |
| 2 | INTERNAL_IP4_NETMASK | NO | 0 or 4 octets | [RFC7296] |
| 3 | INTERNAL_IP4_DNS | YES | 0 or 4 octets | [RFC7296] |
| 4 | INTERNAL_IP4_NBNS | YES | 0 or 4 octets | [RFC7296] |
| 5 | Reserved | [RFC7296] | ||
| 6 | INTERNAL_IP4_DHCP | YES | 0 or 4 octets | [RFC7296] |
| 7 | APPLICATION_VERSION | NO | 0 or more | [RFC7296] |
| 8 | INTERNAL_IP6_ADDRESS | YES* | 0 or 17 octets | [RFC7296] |
| 9 | Reserved | [RFC7296] | ||
| 10 | INTERNAL_IP6_DNS | YES | 0 or 16 octets | [RFC7296] |
| 11 | Reserved | [RFC7296] | ||
| 12 | INTERNAL_IP6_DHCP | YES | 0 or 16 octets | [RFC7296] |
| 13 | INTERNAL_IP4_SUBNET | YES | 0 or 8 octets | [RFC7296] |
| 14 | SUPPORTED_ATTRIBUTES | NO | Multiple of 2 | [RFC7296] |
| 15 | INTERNAL_IP6_SUBNET | YES | 17 octets | [RFC7296] |
| 16 | MIP6_HOME_PREFIX | YES | 0 or 21 octets | [RFC5026] |
| 17 | INTERNAL_IP6_LINK | NO | 8 or more | [RFC5739] |
| 18 | INTERNAL_IP6_PREFIX | YES | 17 octets | [RFC5739] |
| 19 | HOME_AGENT_ADDRESS | NO | 16 or 20 | [http://www.3gpp.org/ftp/Specs/html-info/24302.htm][John_Meredith] |
| 20 | P_CSCF_IP4_ADDRESS | YES | 0 or 4 octets | [RFC7651] |
| 21 | P_CSCF_IP6_ADDRESS | YES | 0 or 16 octets | [RFC7651] |
| 22 | FTT_KAT | NO | 2 octets | [TS 24.302 12.6.0] |
| 23 | EXTERNAL_SOURCE_IP4_NAT_INFO | NO | 0 or 6 | [TS 29.139][Kimmo_Kymalainen] |
| 24 | TIMEOUT_PERIOD_FOR_LIVENESS_CHECK | NO | 0 or 4 octets | [TS 24.302 13.4.0][Frederic_Firmin] |
| 25 | INTERNAL_DNS_DOMAIN | YES | 0 or more | [RFC8598] |
| 26 | INTERNAL_DNSSEC_TA | YES | 0 or more | [RFC8598] |
| 27 | ENCDNS_IP4 | YES | 0 or more | [RFC9464] |
| 28 | ENCDNS_IP6 | YES | 0 or more | [RFC9464] |
| 29 | ENCDNS_DIGEST_INFO | YES | 0 or more | [RFC9464] |
| 30-16383 | Unassigned | |||
| 16384-32767 | Reserved for Private Use | [RFC7296] |
IKEv2 Gateway Identity Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC5685]
Available Formats
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | [RFC5685] |
| 1 | IPv4 address of the VPN gateway | [RFC5685] |
| 2 | IPv6 address of the VPN gateway | [RFC5685] |
| 3 | FQDN of the VPN gateway | [RFC5685] |
| 4-240 | Unassigned | |
| 241-255 | Reserved for Private Use | [RFC5685] |
ROHC Attribute Types
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC5857]
Available Formats
| Value | ROHC Attribute Type | Format | Reference |
|---|---|---|---|
| 0 | Reserved | [RFC5857] | |
| 1 | Maximum Context Identifier (MAX_CID) | TV | [RFC5857] |
| 2 | ROHC Profile (ROHC_PROFILE) | TV | [RFC5857] |
| 3 | ROHC Integrity Algorithm (ROHC_INTEG) | TV | [RFC5857] |
| 4 | ROHC ICV Length in bytes (ROHC_ICV_LEN) | TV | [RFC5857] |
| 5 | Maximum Reconstructed Reception Unit (MRRU) | TV | [RFC5857] |
| 6-16383 | Unassigned | ||
| 16384-32767 | Reserved for Private Use | [RFC5857] |
IKEv2 Secure Password Methods
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC6467]
Available Formats
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | [RFC6467] |
| 1 | PACE | [RFC6631] |
| 2 | AugPAKE | [RFC6628] |
| 3 | Secure PSK Authentication | [RFC6617] |
| 4-1023 | Unassigned | |
| 1024-65535 | Reserved for Private Use | [RFC6467] |
IKEv2 Hash Algorithms
Registration Procedure(s)
Expert Review
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC7427]
Note
To find out requirement levels for IKEv2 hash algorithms, see [RFC8247].
Available Formats
| Value | Hash Algorithm | Reference |
|---|---|---|
| 0 | Reserved | [RFC7427] |
| 1 | SHA1 | [RFC7427] |
| 2 | SHA2-256 | [RFC7427] |
| 3 | SHA2-384 | [RFC7427] |
| 4 | SHA2-512 | [RFC7427] |
| 5 | Identity | [RFC8420] |
| 6 | STREEBOG_256 | [RFC9385] |
| 7 | STREEBOG_512 | [RFC9385] |
| 8-1023 | Unassigned | |
| 1024-65535 | Reserved for Private Use | [RFC7427] |
IKEv2 Post-quantum Preshared Key ID Types
Expert(s)
Tero Kivinen, Valery Smyslov
Reference
[RFC8784]
Available Formats
| Range | Registration Procedures |
|---|---|
| 1-127 | Expert Review |
| 128-255 | Private Use |
| Value | PPK_ID Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC8784] |
| 1 | PPK_ID_OPAQUE | [RFC8784] |
| 2 | PPK_ID_FIXED | [RFC8784] |
| 3-127 | Unassigned | |
| 128-255 | Reserved for Private Use | [RFC8784] |
GSA Attributes
Registration Procedure(s)
Expert Review
Expert(s)
Unassigned
Reference
Available Formats
| Value | GSA Attributes | Format | Multi-Valued | Used in Protocol | Reference |
|---|---|---|---|---|---|
| 0 | Reserved | [RFC-ietf-ipsecme-g-ikev2-21] | |||
| 1 | GSA_KEY_LIFETIME | TLV | NO | GIKE_UPDATE, AH, ESP | [RFC-ietf-ipsecme-g-ikev2-21] |
| 2 | GSA_INITIAL_MESSAGE_ID | TLV | NO | GIKE_UPDATE | [RFC-ietf-ipsecme-g-ikev2-21] |
| 3 | GSA_NEXT_SPI | TLV | YES | GIKE_UPDATE, AH, ESP | [RFC-ietf-ipsecme-g-ikev2-21] |
| 5-16383 | Unassigned | ||||
| 16384-32767 | Reserved for Private Use |
Group-wide Policy Attributes
Registration Procedure(s)
Expert Review
Expert(s)
Unassigned
Reference
Available Formats
| Value | GW Policy Attributes | Format | Multi-Valued | Reference |
|---|---|---|---|---|
| 0 | Reserved | [RFC-ietf-ipsecme-g-ikev2-21] | ||
| 1 | GWP_ATD | TV | NO | [RFC-ietf-ipsecme-g-ikev2-21] |
| 2 | GWP_DTD | TV | NO | [RFC-ietf-ipsecme-g-ikev2-21] |
| 3 | GWP_SENDER_ID_BITS | TV | NO | [RFC-ietf-ipsecme-g-ikev2-21] |
| 4-16383 | Unassigned | |||
| 16384-32767 | Reserved for Private Use |
Group Key Bag Attributes
Registration Procedure(s)
Expert Review
Expert(s)
Unassigned
Reference
Available Formats
| Value | Group Key Bag Attributes | Format | Multi-Valued | Used in Protocol | Reference |
|---|---|---|---|---|---|
| 0 | Reserved | [RFC-ietf-ipsecme-g-ikev2-21] | |||
| 1 | SA_KEY | TLV | YES NO | GIKE_UPDATE AH, ESP | [RFC-ietf-ipsecme-g-ikev2-21] [RFC-ietf-ipsecme-g-ikev2-21] |
| 2-16383 | Unassigned | ||||
| 16384-32767 | Reserved for Private Use | [RFC-ietf-ipsecme-g-ikev2-21] |
Member Key Bag Attributes
Registration Procedure(s)
Expert Review
Expert(s)
Unassigned
Reference
Available Formats
| Value | Member Key Bag Attributes | Format | Multi-Valued | Reference |
|---|---|---|---|---|
| 0 | Reserved | [RFC-ietf-ipsecme-g-ikev2-21] | ||
| 1 | WRAP_KEY | TLV | YES | [RFC-ietf-ipsecme-g-ikev2-21] |
| 2 | AUTH_KEY | TLV | NO | [RFC-ietf-ipsecme-g-ikev2-21] |
| 3 | GM_SENDER_ID | TLV | YES | [RFC-ietf-ipsecme-g-ikev2-21] |
| 4-16383 | Unassigned | |||
| 16384-32767 | Reserved for Private Use |
Contact Information
| ID | Name | Contact URI | Last Updated |
|---|---|---|---|
| [Frederic_Firmin] | Frederic Firmin | mailto:frederic.firmin&etsi.org | 2016-03-08 |
| [John_Meredith] | John Meredith | mailto:john.meredith&etsi.org | 2010-05-17 |
| [Kimmo_Kymalainen] | Kimmo Kymalainen | mailto:kimmo.kymalainen&etsi.org | 2015-12-02 |
| [Matt_Ball] | Matt Ball | mailto:matt.ball&ieee.org | 2007-10-11 |