"Magic Numbers" for ISAKMP Protocol

Last Updated
2012-07-19
Available Formats

XML

HTML

Plain text

Registries included below

IPSEC Situation Definition

Registration Procedure(s)
Standards Track RFC
Reference
[RFC2407]
Note
The Situation Definition is a 32-bit bitmask which represents the
environment under which the IPSEC SA proposal and negotiation is
carried out.  Requests for assignments of new situations must be
accompanied by an RFC which describes the interpretation for the
associated bit.

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.

The upper two bits are reserved for private use amongst cooperating
systems.
Available Formats

CSV
Value Situation References
0x01 SIT_IDENTITY_ONLY [RFC2407]
0x02 SIT_SECRECY [RFC2407]
0x04 SIT_INTEGRITY [RFC2407]

IPSEC Security Protocol Identifiers

Reference
[RFC2407]
Note
The Security Protocol Identifier is an 8-bit value which identifies a
security protocol suite being negotiated.  Requests for assignments of
new security protocol identifiers must be accompanied by an RFC which
describes the requested security protocol.  [AH] and [ESP] are
examples of security protocol documents.

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
Available Formats

CSV
Range Registration Procedures Note
0-248 Standards Track RFC
249-255 Reserved for private use Amongst cooperating systems.
Value Protocol ID References
0 RESERVED [RFC2407]
1 PROTO_ISAKMP [RFC2407]
2 PROTO_IPSEC_AH [RFC2407]
3 PROTO_IPSEC_ESP [RFC2407]
4 PROTO_IPCOMP [RFC2407]
5 PROTO_GIGABEAM_RADIO [RFC4705]
6-248 Unassigned
249-255 Reserved for private use

IPSEC ISAKMP Transform Identifiers

Reference
[RFC2407]
Note
The IPSEC ISAKMP Transform Identifier is an 8-bit value which
identifies a key exchange protocol to be used for the negotiation.
Requests for assignments of new ISAKMP transform identifiers must be
accompanied by an RFC which describes the requested key exchange
protocol.  [IKE] is an example of one such document.

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
Available Formats

CSV
Range Registration Procedures Note
0-248 Standards Track RFC
249-255 Reserved for private use Amongst cooperating systems.
Value Transform References
0 RESERVED [RFC2407]
1 KEY_IKE [RFC2407]
2-248 Unassigned
249-255 Reserved for private use

IPSEC AH Transform Identifiers

Reference
[RFC2407]
Note
The IPSEC AH Transform Identifier is an 8-bit value which identifies a
particular algorithm to be used to provide integrity protection for
AH.  Requests for assignments of new AH transform identifiers must be
accompanied by an RFC which describes how to use the algorithm within
the AH framework ([AH]).

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
Available Formats

CSV
Range Registration Procedures Note
0-248 Standards Track RFC
249-255 Reserved for private use Amongst cooperating systems.
Value Transform ID References
0-1 RESERVED [RFC2407]
2 AH_MD5 [RFC2407]
3 AH_SHA [RFC2407]
4 AH_DES [RFC2407]
5 AH_SHA2-256 [Marcus_Leech][RFC4868]
6 AH_SHA2-384 [Marcus_Leech][RFC4868]
7 AH_SHA2-512 [Marcus_Leech][RFC4868]
8 AH_RIPEMD [RFC2857]
9 AH_AES-XCBC-MAC [RFC3566]
10 AH_RSA [RFC4359]
11 AH_AES-128-GMAC [RFC4543][RFC Errata 1821]
12 AH_AES-192-GMAC [RFC4543][RFC Errata 1821]
13 AH_AES-256-GMAC [RFC4543][RFC Errata 1821]
14-248 Unassigned
249-255 Reserved for private use

IPSEC ESP Transform Identifiers

Reference
[RFC2407]
Note
The IPSEC ESP Transform Identifier is an 8-bit value which identifies
a particular algorithm to be used to provide secrecy protection for
ESP.  Requests for assignments of new ESP transform identifiers must
be accompanied by an RFC which describes how to use the algorithm
within the ESP framework ([ESP]).

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
Available Formats

CSV
Range Registration Procedures Note
0-248 Standards Track RFC
249-255 Reserved for private use Amongst cooperating systems.
Value Transform ID References
0 RESERVED [RFC2407]
1 ESP_DES_IV64 [RFC2407]
2 ESP_DES [RFC2407]
3 ESP_3DES [RFC2407]
4 ESP_RC5 [RFC2407]
5 ESP_IDEA [RFC2407]
6 ESP_CAST [RFC2407]
7 ESP_BLOWFISH [RFC2407]
8 ESP_3IDEA [RFC2407]
9 ESP_DES_IV32 [RFC2407]
10 ESP_RC4 [RFC2407]
11 ESP_NULL [RFC2407]
12 ESP_AES-CBC [RFC3602]
13 ESP_AES-CTR [RFC3686]
14 ESP_AES-CCM_8 [RFC4309][1]
15 ESP_AES-CCM_12 [RFC4309][1]
16 ESP_AES-CCM_16 [RFC4309][1]
17 Unassigned
18 ESP_AES-GCM_8 [RFC4106][1]
19 ESP_AES-GCM_12 [RFC4106][1]
20 ESP_AES-GCM_16 [RFC4106][1]
21 ESP_SEED_CBC [RFC4196]
22 ESP_CAMELLIA [RFC4312]
23 ESP_NULL_AUTH_AES-GMAC [RFC4543][RFC Errata 1821]
24-248 Unassigned
249-255 Reserved for private use

IPSEC IPCOMP Transform Identifiers

Reference
[RFC2407]
Note
The IPSEC IPCOMP Transform Identifier is an 8-bit value which
identifier a particular algorithm to be used to provide IP-level
compression before ESP.  Requests for assignments of new IPCOMP
transform identifiers must be accompanied by an RFC which describes
how to use the algorithm within the IPCOMP framework ([IPCOMP]).  In
addition, the requested algorithm must be published and in the public
domain.

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
Available Formats

CSV
Range Registration Procedures Note
1-47 Reserved for approved algorithms RFC has been approved for publication.
48-63 Reserved for private use Amongst cooperating systems.
64-255 Standards Track RFC
Value Transform ID References
0 RESERVED [RFC2407]
1 IPCOMP_OUI [RFC2407]
2 IPCOMP_DEFLATE [RFC2407]
3 IPCOMP_LZS [RFC2407]
4 IPCOMP_LZJH [RFC3051]
5-47 Reserved for approved algorithms
48-63 Reserved for private use
64-255 Unassigned

IPSEC Security Association Attributes

Reference
[RFC2407]
Note
The IPSEC Security Association Attribute consists of a 16-bit type and
its associated value.  IPSEC SA attributes are used to pass
miscellaneous values between ISAKMP peers.  Requests for assignments
of new IPSEC SA attributes must be accompanied by an Internet Draft
which describes the attribute encoding (Basic/Variable-Length) and its
legal values.  Section 4.5 of this document provides an example of
such a description.
Available Formats

CSV
Range Registration Procedures Note
1-32000 Specification Required
32001-32767 Reserved for private use Amongst cooperating systems.
Value Type Class References
1 B SA Life Type [RFC2407]
2 V SA Life Duration [RFC2407]
3 B Group Description [RFC2407]
4 B Encapsulation Mode [RFC2407]
5 B Authentication Algorithm [RFC2407]
6 B Key Length [RFC2407]
7 B Key Rounds [RFC2407]
8 B Compress Dictionary Size [RFC2407]
9 V Compress Private Algorithm [RFC2407]
10 B ECN Tunnel [RFC3168]
11 B Extended (64-bit) Sequence Number [RFC4304]
12 V Authentication Key Length [RFC4359]
13 B Signature Encoding Algorithm [RFC4359]
14 B Address Preservation [RFC6407]
15 B SA Direction [RFC6407]
16-32000 Unassigned
32001-32767 Reserved for private use

SA Life Type Values (Value 1)

Reference
[RFC2407]
Available Formats

CSV
Range Registration Procedures
1-61439 Specification Required
61440-65535 Reserved for private use
Value Name References
0 Reserved [RFC2407]
1 seconds [RFC2407]
2 kilobytes [RFC2407]
3-61439 Unassigned
61440-65535 Reserved for private use

Group Description (Value 3)

Note
Please refer to the registry Group Description (Value 4) at [IANA registry ipsec-registry]

Encapsulation Mode (Value 4)

Reference
[RFC2407]
Available Formats

CSV
Range Registration Procedures
0-61439 Specification Required
61440-65535 Reserved for private use
Value Name References
0 Reserved [RFC2407]
1 Tunnel [RFC2407]
2 Transport [RFC2407]
3 UDP-Encapsulated-Tunnel [RFC3947]
4 UDP-Encapsulated-Transport [RFC3947]
5-61439 Unassigned
61440-65535 Reserved for private use

Authentication Algorithm (Value 5)

Reference
[RFC2407]
Available Formats

CSV
Range Registration Procedures
3-61439 Specification Required
61440-65535 Reserved for private use
Value Name References
0 Reserved [RFC2407]
1 HMAC-MD5 [RFC2407]
2 HMAC-SHA [RFC2407]
3 DES-MAC [RFC2407]
4 KPDK [RFC2407]
5 HMAC-SHA2-256 [Marcus_Leech]
6 HMAC-SHA2-384 [Marcus_Leech]
7 HMAC-SHA2-512 [Marcus_Leech]
8 HMAC-RIPEMD [RFC2857]
9 AES-XCBC-MAC [RFC3566]
10 SIG-RSA [RFC4359]
11 AES-128-GMAC [RFC4543][RFC Errata 1821]
12 AES-192-GMAC [RFC4543][RFC Errata 1821]
13 AES-256-GMAC [RFC4543][RFC Errata 1821]
14-61439 Unassigned
61440-65535 Reserved for private use

Compression Private Algorithm (Value 9)

Registration Procedure(s)
IANA does not assign
Reference
[RFC2407]
Note
Specifies a private vendor compression algorithm.  The first
three (3) octets must be an IEEE assigned company_id (OUI).
The next octet may be a vendor specific compression subtype,
followed by zero or more octets of vendor data.
Registry is empty.

ECN Tunnel (Value 10)

Reference
[RFC3168]
Note
If unspecified, the default shall be assumed to be Forbidden.
Available Formats

CSV
Range Registration Procedures
0-61439 Specification Required
61440-65535 Reserved for private use
Value Name References
0 Reserved [RFC3168]
1 Allowed [RFC3168]
2 Forbidden [RFC3168]
3-61439 Unassigned
61440-65535 Reserved for private use

Extended (64-bit) Sequence Number (Value 11)

Registration Procedure(s)
No additional class values will be assigned for this attribute.
Reference
[RFC4304]
Available Formats

CSV
Value Name References
0 RESERVED [RFC4304]
1 64-bit Sequence Number [RFC4304]

Signature Encoding Algorithm Values (Value 13)

Reference
[RFC4359]
Available Formats

CSV
Range Registration Procedures
0-61439 Standards Action
61440-65535 Reserved for private use
Value Name References
0 Reserved [RFC4359]
1 RSASSA-PKCS1-v1_5 [RFC4359]
2 RSASSA-PSS [RFC4359]
3-61439 Unassigned
61440-65535 Reserved for private use

Address Preservation (Value 14)

Registration Procedure(s)
Standards Action
Reference
[RFC6407]
Available Formats

CSV
Value Name References
0 Reserved [RFC6407]
1 None [RFC6407]
2 Source-Only [RFC6407]
3 Destination-Only [RFC6407]
4 Source-and-Destination [RFC6407]
5-61439 Unassigned
61440-65535 Private Use [RFC6407]

SA Direction (Value 15)

Registration Procedure(s)
Standards Action
Reference
[RFC6407]
Available Formats

CSV
Value Name References
0 Reserved [RFC6407]
1 Sender-Only [RFC6407]
2 Receiver-Only [RFC6407]
3 Symmetric [RFC6407]
4-61439 Unassigned [RFC6407]
61440-65535 Private Use [RFC6407]

IPSEC Labeled Domain Identifiers

Registration Procedure(s)
First come first serve
Reference
[RFC2407]
Note
The IPSEC Labeled Domain Identifier is a 32-bit value which identifies
a namespace in which the Secrecy and Integrity levels and categories
values are said to exist.  Requests for assignments of new IPSEC
Labeled Domain Identifiers should be granted on demand.  No
accompanying documentation is required, though Internet Drafts are
encouraged when appropriate.
Available Formats

CSV
Value Domain References
0 Reserved [RFC2407]
0x80000000-0xffffffff Reserved for private use

IPSEC Identification Type

Reference
[RFC2407]
Note
The IPSEC Identification Type is an 8-bit value which is used as a
discriminant for interpretation of the variable-length Identification
Payload.  Requests for assignments of new IPSEC Identification Types
must be accompanied by an RFC which describes how to use the
identification type within IPSEC.

If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
Available Formats

CSV
Range Registration Procedures
0-248 RFC
249-255 Reserved for private use
Value ID Type References
0 RESERVED [RFC2407]
1 ID_IPV4_ADDR [RFC2407]
2 ID_FQDN [RFC2407]
3 ID_USER_FQDN [RFC2407]
4 ID_IPV4_ADDR_SUBNET [RFC2407]
5 ID_IPV6_ADDR [RFC2407]
6 ID_IPV6_ADDR_SUBNET [RFC2407]
7 ID_IPV4_ADDR_RANGE [RFC2407]
8 ID_IPV6_ADDR_RANGE [RFC2407]
9 ID_DER_ASN1_DN [RFC2407]
10 ID_DER_ASN1_GN [RFC2407]
11 ID_KEY_ID [RFC2407]
12 ID_LIST [RFC3554]
13-248 Unassigned
249-255 Reserved for private use

IPSEC Notify Message Types

Reference
[RFC2407]
Note
The IPSEC Notify Message Type is a 16-bit value taken from the range
of values reserved by ISAKMP for each DOI.  There is one range for
error messages (8192-16383) and a different range for status messages
(24576-32767).  Requests for assignments of new Notify Message Types
must be accompanied by an Internet Draft which describes how to use
the identification type within IPSEC.

Notify Messages - Error Types (8192-16383)

Available Formats

CSV
Range Registration Procedures Note
8192-16000 Specification Required
16001-16383 Reserved for private use Amongst cooperating systems.
Value Notify Messages - Error Types References
8192 Reserved [RFC2407]
8193-16000 Unassigned
16001-16383 Reserved for private use

Notify Messages - Status Types (24576-32767)

Available Formats

CSV
Range Registration Procedures Note
24576-32000 Specification Required
32001-32767 Reserved for private use Amongst cooperating systems.
Value Notify Messages - Status Types References
24576 RESPONDER-LIFETIME [RFC2407]
24577 REPLAY-STATUS [RFC2407]
24578 INITIAL-CONTACT [RFC2407]
24579-32000 Unassigned
32001-32767 Reserved for private use

People

ID Name Contact URI Last Updated
[Marcus_Leech] Marcus Leech mailto:mleech&nortelnetworks.com 2000-10

Footnote

[1]
This is combined mode cipher, but combined mode algorithms are not
a ature of IPsec-v2. Although some IKEv1/IPsec-v2 implementations 
inude this capability (see [RFC6071] Section 5.4), it is not part of 
thprotocol.