1.6 Applicability Statement
NAT-T applies when NAT devices between the IPsec peers can otherwise prevent the establishment of IPsec SAs.
IKE fragmentation applies when intermediary devices in the path between the IPsec peers can drop fragmented UDP datagrams, which can prevent the establishment of an IPsec security association (SA).
Authentication using CGA applies when the IPsec peers do not share a common credential distribution infrastructure. CGA authentication allows such peers to verify that the remote peer has access to the public-private key pair used to generate the CGA. CGA authentication only applies to IPv6 addresses.
Fast failover applies when IPsec clients connect to a cluster of hosts using IPsec, and it is necessary to minimize the amount of time required for a client to fail over from one host in the cluster to another.
Negotiation discovery applies when hosts communicate with both IPsec-aware and non-IPsec-aware devices, and it is necessary to minimize the amount of time required to detect IPsec-awareness on each peer.
Reliable delete applies when a peer needs to reliably confirm the deletion of an SA established with another peer.
IKEv2 SA Correlation applies when two different IKEv2 SAs need to be correlated.
IKEv2 Server Internal Addresses Configuration Attributes apply when the client endpoint of an IPsec remote access client needs to determine the internal IPv4 and IPv6 addresses of the IPsec remote access server.
IKEv2 fragmentation applies when intermediary network devices do not allow IP fragments to pass through, which can impede IKEv2 communication and prevent peers from establishing an IPsec SA.