{
  "draft": "draft-ietf-ipsecme-tcp-encaps-10",
  "doc_id": "RFC8229",
  "title": "TCP Encapsulation of IKE and IPsec Packets",
  "authors": [
    "T. Pauly",
    "S. Touati",
    "R. Mantha"
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "25",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "IP Security Maintenance and Extensions",
  "abstract": "This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP.  This method, referred to as \"TCP encapsulation\", involves sending both IKE packets for Security Association establishment and Encapsulating Security Payload (ESP) packets over a TCP connection.  This method is intended to be used as a fallback option when IKE cannot be negotiated over UDP.",
  "pub_date": "August 2017",
  "keywords": [
    "IKE",
    "IKEv2",
    "IPsec",
    "TCP"
  ],
  "obsoletes": [],
  "obsoleted_by": [
    "RFC9329"
  ],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC8229",
  "errata_url": "https://www.rfc-editor.org/errata/rfc8229"
}