IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap
The IPsec RFC ecosystem is large and interconnected. When you need to find the right RFC for a specific algorithm, extension, or use case, this roadmap saves hours of cross-referencing.
What It Defines
Meta-document providing a comprehensive guide to the entire IPsec and IKE RFC ecosystem: which RFCs define the architecture, which define the protocols (ESP, AH, IKEv2), which define cryptographic algorithms, and which provide operational guidance. Maps the relationships between 60+ IPsec/IKE-related RFCs. Essential for navigating the sprawling IPsec standards landscape.
Canonical (Normative)
The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.
Related Specs
IPsec is the dominant VPN technology for enterprise site-to-site links (AWS VPN, Azure VPN Gateway, on-prem firewalls). Understanding tunnel vs. transport mode, Security Associations (SAs), and the Security Policy Database (SPD) is essential for configuring and debugging VPN connectivity.
ESP is the workhorse of IPsec — every encrypted VPN tunnel uses it. When your cloud VPN shows 'Phase 2 SA established', that's an ESP SA. Understanding ESP's SPI, sequence numbers, and algorithm negotiation is key to VPN troubleshooting.
AH is mostly historical: ESP with integrity protection covers nearly everything AH does and adds encryption. However, AH still appears in legacy configurations and exam material. Understanding why it was replaced helps explain modern IPsec design decisions.
IKEv2 is how IPsec tunnels are established and rekeyed. Every cloud VPN gateway (AWS, GCP, Azure), enterprise firewall, and mobile VPN client uses IKEv2. Phase 1/Phase 2 failures (IKEv1 terms that vendor UIs still use for the IKE SA and CHILD_SA exchanges) are the #1 VPN debugging scenario.