Hi, With IKEv2 EAP authentication, there are 3 identities involved 1) IDi - IKEv2 initiator identity sent in msg-3 2) EAP identity that gateway (IKE2 responder) can request from the client (IKEv2 initiator) 3) Authenticated EAP identity that third party EAP server provides to the gateway (IKEv2 responder).
Could someone please clarify from RFC standpoint if 1) The 3 identities mentioned above MUST/SHOULD be same 2) If not same, what purpose should each of the above identities serve 3) The mandatory/recommended format for each of the above identites Thanks, -Amjad _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
