MOBIKE Support for Mobile VPN with IKEv2
In Fireware v12.8 or higher, Mobile VPN with IKEv2 supports MOBIKE, a mobility and multihoming protocol.
With MOBIKE, the Firebox can keep or reuse a Mobile VPN with IKEv2 connection because MOBIKE allows changes to the IP address associated with IKEv2 and the tunnel mode IPSec security association (SA). This means your remote workers can remain connected to the VPN even if they move to a different network.
For example, a remote worker uses Mobile VPN with IKEv2 to connect to the Firebox. The worker changes physical locations, which causes the laptop to connect to a different Wi-Fi network and obtain a different IP address. However, traffic continues to flow through the tunnel, and the user does not have to re-authenticate to remain connected to the VPN.
MOBIKE applies to IKEv2 VPN clients only. MOBIKE does not apply to the gateway. For example, if you change the Mobile VPN with IKEv2 IP address in the Firebox configuration, users experience an interrupted VPN connection.
For detailed information about the MOBIKE protocol, go to RFC 4555. In the RFC, the term “initiator” corresponds to the IKEv2 VPN client and “responder” corresponds to the Firebox.