Information about IKEv2 Mutual Authentication
When the RPD connects to the CCAP Core, a mutual authentication using IKEv2 with public key signatures is optionally required and a secure control session may be established which can be secured using IPsec.
Mutual authentication is optionally required between the RPD and CCAP Core, and a secure connection may not be required in all cases. Whether authentication is required for an RPD is determined by the network that it is connected to. In some cases, RPD is located in an untrusted network, and it must connect to devices inside the trusted network, which presents a potential security vulnerability.
Authentication is initiated by RPD. Whether the RPD is required to authenticate is under control of the CCAP Core.