3.4.4.1 Start of an IKE MM SA Negotiation
As part of the construction of message #1, a CGA authentication-supporting host MUST include an "IKE CGA version 1" vendor ID payload (that is, a vendor ID payload generated by using the vendor ID string "IKE CGA version 1", as specified in [RFC2408] section 3.16) to advertise its CGA authentication capability.
If the PAD requires CGA authentication, the host MUST include the AUTH_CGA Authentication method in its SA payload, as specified in section 2.2.4.
The host MUST use its CGA to communicate with the peer for this negotiation.