At the outset the gateway authenticates itself to the client by sending an
IKEv2 <b>RSA signature</b> accompanied by a certificate.
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
<b>carol</b> uses the <i>Extensible Authentication Protocol</i>
in association with the <i>Authentication and Key Agreement</i> protocol
(<b>EAP-AKA</b>) to authenticate against the gateway. In this scenario,
quintuplets from the SQL database /etc/ipsec.d/ipsec.db are used instead
of a physical USIM card on the client <b>carol</b>. The USIM provider on
gateway <b>moon</b> also stores the quintuplets in an SQL database.