              Client                              Server
            ----------                          ----------
1)  --------------------- IKE_session ----------------------
    (IP_I1:UDP500 -> IP_R:UDP500)
    IKE_SA_INIT            ------->
    HDR, SAi1, KEi, Ni,
    [N(NAT_DETECTION_SOURCE_IP)],
    [N(NAT_DETECTION_DESTINATION_IP)]
                           <------- IKE_SA_INIT
                                    HDR, SAr1, KEr, Nr,
                                    [N(NAT_DETECTION_SOURCE_IP)],
                                    [N(NAT_DETECTION_DESTINATION_IP)]
    (IP_I1:UDP4500 -> IP_R:UDP4500)
    Non-ESP Marker         ------->
    IKE_AUTH
    HDR, SK { IDi, CERT, AUTH,
    SAi2, TSi, TSr,
    N(MOBIKE_SUPPORTED) }
                           <------- Non-ESP Marker
                                    IKE_AUTH
                                    HDR, SK { IDr, CERT, AUTH,
                                    SAr2, TSi, TSr,
                                    N(MOBIKE_SUPPORTED) }

    <---------------------> IKE/ESP Flow <------------------>

2)  ------------ MOBIKE Attempt on New Network --------------
    (IP_I2:UDP4500 -> IP_R:UDP4500)
    Non-ESP Marker         ------->
    INFORMATIONAL
    HDR, SK { N(UPDATE_SA_ADDRESSES),
    N(NAT_DETECTION_SOURCE_IP),
    N(NAT_DETECTION_DESTINATION_IP) }

3)  -------------------- TCP Connection -------------------
    (IP_I2:Port_I -> IP_R:Port_R)
    TcpSyn                 ------->
                           <------- TcpSyn,Ack
    TcpAck                 ------->

4)  --------------------- TLS Session ---------------------
    ClientHello            ------->
                                    ServerHello
                                    {EncryptedExtensions}
                                    {Certificate*}
                                    {CertificateVerify*}
                           <------- {Finished}
    {Finished}             ------->

5)  ---------------------- Stream Prefix --------------------
    "IKETCP"               ------->