3.2.4.1 Start of an IKE MM SA Negotiation

As part of the construction of message #1 for a new MM SA negotiation (as specified in [RFC2409] section 5), a NAT-T supporting host MUST include with its first IKE message extra vendor ID payloads (as specified in [RFC2408] section 3.16) to advertise its NAT-T revision support (as specified in [RFC3947] section 3.1). If the host supports only [DRAFT-NATT], it MUST include only the vendor ID "draft-ietf-ipsec-nat-t-ike-02\n" within message #1. If it supports only [RFC3947], it MUST include only the vendor ID "RFC 3947" within message #1. If it supports both [DRAFT-NATT] and [RFC3947], it MUST include both vendor IDs "draft-ietf-ipsec-nat-t-ike-02\n" and "RFC 3947" within message #1.<15>