HTTP/1.1 302 Found
Date: Wed, 08 Oct 2025 10:02:09 GMT
Server: Apache
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Location: https://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml
Content-Length: 0
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Cache-Control: public, s-maxage=1800, max-age=3600
Expires: Wed, 08 Oct 2025 11:02:09 GMT
Content-Type: text/html; charset=utf-8
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;
Strict-Transport-Security: max-age=48211200; preload
HTTP/1.1 200 OK
Date: Wed, 08 Oct 2025 10:02:09 GMT
Server: Apache
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Last-Modified: Fri, 06 Dec 2024 19:45:37 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Cache-Control: public, s-maxage=1800, max-age=3600
Expires: Wed, 08 Oct 2025 11:02:09 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=48211200; preload
Internet Key Exchange (IKE) Attributes
Internet Key Exchange (IKE) Attributes
Last Updated
2024-12-06
Note
All registries listed below have been closed. See [RFC9395 ].
Note
Attribute Assigned Numbers
Attributes negotiated during phase one use the following definitions.
Phase two attributes are defined in the applicable DOI specification
(for example, IPsec attributes are defined in the IPsec DOI), with the
exception of a group description when Quick Mode includes an ephemeral
Diffie-Hellman exchange. Attribute types can be either Basic (B) or
Variable-length (V). Encoding of these attributes is defined in the
base ISAKMP specification as Type/Value (Basic) and Type/Length/Value
(Variable).
Attributes described as basic MUST NOT be encoded as variable.
Variable length attributes MAY be encoded as basic attributes if their
value can fit into two octets. If this is the case, an attribute
offered as variable (or basic) by the initiator of this protocol MAY
be returned to the initiator as a basic (or variable).
Available Formats
Registries Included Below
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Available Formats
Value
Class
Type
Reference
1
Encryption Algorithm
B
[RFC2409 ]
2
Hash Algorithm
B
[RFC2409 ]
3
Authentication Method
B
[RFC2409 ]
4
Group Description
B
[RFC2409 ]
5
Group Type
B
[RFC2409 ]
6
Group Prime/Irreducible Polynomial
V
[RFC2409 ]
7
Group Generator One
V
[RFC2409 ]
8
Group Generator Two
V
[RFC2409 ]
9
Group Curve A
V
[RFC2409 ]
10
Group Curve B
V
[RFC2409 ]
11
Life Type
B
[RFC2409 ]
12
Life Duration
V
[RFC2409 ]
13
PRF
B
[RFC2409 ]
14
Key Length
B
[RFC2409 ]
15
Field Size
B
[RFC2409 ]
16
Group Order
V
[RFC2409 ]
17-16383
Unassigned
16384-32767
Reserved for private use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Available Formats
Value
Ecryption Algorithm
Reference
0
Reserved
1
DES-CBC
[RFC2405 ]
2
IDEA-CBC
[RFC2409 ]
3
Blowfish-CBC
[RFC2409 ]
4
RC5-R16-B64-CBC
[RFC2409 ]
5
3DES-CBC
[RFC2409 ]
6
CAST-CBC
[RFC2409 ]
7
AES-CBC
[RFC3602 ]
8
CAMELLIA-CBC
[RFC4312 ]
9-65000
Unassigned
65001-65535
Reserved for private use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Available Formats
Value
Hash Algorithm
Reference
0
Reserved
1
MD5
[RFC1321 ]
2
SHA
[NIST, FIPS PUB 180-1: Secure Hash Standard,
April 1995.]
3
Tiger
[Anderson, R., and Biham, E., "Fast Software Encryption",
Springer LNCS v. 1039, 1996.]
4
SHA2-256
[RFC4868 ]
5
SHA2-384
[RFC4868 ]
6
SHA2-512
[RFC4868 ]
7-65000
Unassigned
65001-65535
Reserved for private use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Available Formats
Value
Method
Reference
0
Reserved
1
pre-shared key
[RFC2409 ]
2
DSS signatures
[RFC2409 ]
3
RSA signatures
[RFC2409 ]
4
Encryption with RSA
[RFC2409 ]
5
Revised encryption with RSA
[RFC2409 ]
6
Reserved (was Encryption with El-Gamal)
7
Reserved (was Revised encryption with El-Gamal)
8
Reserved (was ECDSA signatures)
9
ECDSA with SHA-256 on the P-256 curve
[RFC4754 ]
10
ECDSA with SHA-384 on the P-384 curve
[RFC4754 ]
11
ECDSA with SHA-512 on the P-521 curve
[RFC4754 ]
12-65000
Unassigned
65001-65535
Reserved for private use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Note
These values were reserved as per draft-ipsec-ike-ecc-groups
which never made it to the RFC. These values might be used by some
implementations as currently registered in the registry, but new
implementations should not use them.
Available Formats
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Available Formats
Value
Group Type
Reference
0
Reserved
1
MODP (modular exponentiation group)
[RFC2409 ]
2
ECP (elliptic curve group over GF[P])
[RFC2409 ]
3
EC2N (elliptic curve group over GF[2^N])
[RFC2409 ]
4-65000
Unassigned
65001-65535
Reserved for private use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Note
For a given "Life Type" the value of the "Life Duration" attribute defines
the actual length of the SA life -- either a number of seconds, or a number
of kbytes protected.
Available Formats
Value
Life Type
Reference
0
Reserved
1
seconds
[RFC2409 ]
2
kilobytes
[RFC2409 ]
3-65000
Unassigned
65001-65535
Reserved for private use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Value
Description
Reference
No registrations at this time.
Registration Procedure(s)
Registry closed
Reference
[RFC2408 ][RFC9395 ]
Note
DOI Specific use is the Additional Exchanges Defined registry
Available Formats
Value
Exchange Type
Reference
0
NONE
[RFC2408 ]
1
Base
[RFC2408 ]
2
Identity Protection
[RFC2408 ]
3
Authentication Only
[RFC2408 ]
4
Aggressive
[RFC2408 ]
5
Informational
[RFC2408 ]
6-31
ISAKMP Future Use
32-239
DOI Specific Use
240-255
Private Use
Registration Procedure(s)
Registry closed
Reference
[RFC2409 ][RFC9395 ]
Available Formats
Value
Phase
Reference
32
Quick Mode
[RFC2409 ]
33
New Group Mode
[RFC2409 ]
Registration Procedure(s)
Registry closed
Reference
[RFC2408 ][RFC9395 ]
Note
The Domain of Interpretation is a 32-bit value which identifies the
context in which the Security Association payload is to be evaluated.
Requests for assignments of new domain of interpretation identifiers
must be accompanied by a public specification, such as an Internet RFC.
Available Formats
Registration Procedure(s)
Registry closed
Reference
[RFC2408 ][RFC9395 ]
Note
The Next Payload type is an 8-bit value that indicates the type of the
next payload in the message.
Available Formats
Reference
[RFC2408 ][RFC9395 ]
Available Formats
Range
Registration Procedures
Note
1 - 8191
Registry closed
Error types
8192 - 16383
Registry closed
Doi-Specific Error types
16384 - 24575
Registry closed
Status types RESERVED
24576 - 32767
Registry closed
DOI-specific Status codes
32768 - 40959
Registry closed
Private Use
40960 - 65535
Registry closed
RESERVED
Registration Procedure(s)
Registry closed
Reference
[RFC2408 ][RFC9395 ]
Available Formats
Value
Nofity Messages - Error Types
Reference
1
INVALID-PAYLOAD-TYPE
[RFC2408 ]
2
DOI-NOT-SUPPORTED
[RFC2408 ]
3
SITUATION-NOT-SUPPORTED
[RFC2408 ]
4
INVALID-COOKIE
[RFC2408 ]
5
INVALID-MAJOR-VERSION
[RFC2408 ]
6
INVALID-MINOR-VERSION
[RFC2408 ]
7
INVALID-EXCHANGE-TYPE
[RFC2408 ]
8
INVALID-FLAGS
[RFC2408 ]
9
INVALID-MESSAGE-ID
[RFC2408 ]
10
INVALID-PROTOCOL-ID
[RFC2408 ]
11
INVALID-SPI
[RFC2408 ]
12
INVALID-TRANSFORM-ID
[RFC2408 ]
13
ATTRIBUTES-NOT-SUPPORTED
[RFC2408 ]
14
NO-PROPOSAL-CHOSEN
[RFC2408 ]
15
BAD-PROPOSAL-SYNTAX
[RFC2408 ]
16
PAYLOAD-MALFORMED
[RFC2408 ]
17
INVALID-KEY-INFORMATION
[RFC2408 ]
18
INVALID-ID-INFORMATION
[RFC2408 ]
19
INVALID-CERT-ENCODING
[RFC2408 ]
20
INVALID-CERTIFICATE
[RFC2408 ]
21
CERT-TYPE-UNSUPPORTED
[RFC2408 ]
22
INVALID-CERT-AUTHORITY
[RFC2408 ]
23
INVALID-HASH-INFORMATION
[RFC2408 ]
24
AUTHENTICATION-FAILED
[RFC2408 ]
25
INVALID-SIGNATURE
[RFC2408 ]
26
ADDRESS-NOTIFICATION
[RFC2408 ]
27
NOTIFY-SA-LIFETIME
[RFC2408 ]
28
CERTIFICATE-UNAVAILABLE
[RFC2408 ]
29
UNSUPPORTED-EXCHANGE-TYPE
[RFC2408 ]
30
UNEQUAL-PAYLOAD-LENGTHS
[RFC2408 ]
31-8191
RESERVED (Future Use)
Registration Procedure(s)
Registry closed
Reference
[RFC2408 ][RFC9395 ]
Available Formats
Value
Nofity Messages - Status Types
Reference
16384
CONNECTED
[RFC2408 ]
16385-24575
RESERVED (Future Use)
