IKEv2 Configuration Payload Tidbit

In this tidbit I want to cover what IKEv2 configuration payloads are & why they are needed. So it is sometimes desirable for the hub in hub & spoke topologies to provide configuration data to the spokes. Note that the use of the configuration payload feature is completely optional.


To start, these configuration payloads are a part of messages 3 & 4 during IKE_AUTH. If using the config payload, note that this feature this occurs prior to creating any child SAs.


Now let's cover config payload types so we have an understanding of how communication works:

  • CFG_REQUEST: Sent by the initiator, when the initiator is the FlexVPN client.

  • CFG_REPLY: Sent by the responder, when the responder receives the CFG_REQUEST.

  • CFG_SET: Sent by the initiator when you enable the config-exchange set send command in the IKEv2 profile. Sent by the responder when the CFG_REQUEST is not received, the configuration data is available, and the config-exchange set send command is enabled in the IKEv2 profile.

  • CFG_ACK: Sent by the initiator when you enable the config-exchange set accept command in the IKEv2 profile. Sent by the responder when you enable the config-exchange set accept command in the IKEv2 profile.

Here is a brief overview:

To see the IKEv2 Configuration feature in action see other IKEv2 related posts.

Cheers!

0 comments

Recent Posts

See All

ASA MultiContext Mode Packet Classification Tidbit

In order to understand how traffic flows through the segregated contexts it is important to understand how the ASA determines the context in which it will send the packets. This process is known as c

ASA Security Contexts Tidbit

In this tidbit I want to explain what Cisco ASA Security Contexts are in this blog. A very plain & simple way to put it, security contexts are a way to logically divide the ASA into multiple logical

Fundamentals of PKI Tidbit

I want to touch on some of the fundamentals and standards involved with PKI to give us an overview of what things are/mean. To start let's cover what the standards are. So you have probably seen or