
RE: ISAKMP Oakley resolution and ipsec doi document questions



>
>I am confused. If the port is 500 only, why are
>we specifying it at all? It looks like this port
>has nothing to do with identification.
>
>Let me try to understand. If I implement ISAKMP
>and do not want to use port 500, but say use port
>2000, could I use the port field to indicate to the
>receiver that the reply must be sent to port 2000?
>(I do not think this is the case, because the first
>message of the main mode exchange does not include
>an ID at all.)
>

The port in the ID payload is only used for identification and not for
the ISAKMP protocol.  ISAKMP always uses port 500.  

The port field in the ID payload identifies the application (or
protocol) that is requesting the SA.  The port and protocol fields are
relative to the user information in the ID payload's data.  So it is
used to refine the identity.
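As an added illustration of the distinction made above (example code written for this archive page, not code from the original thread or any ISAKMP implementation), here is a small parser for the IPsec DOI Identification payload: the protocol and port fields travel with the identity data as qualifiers, and the Phase 1 check applies the rule the published DOI (RFC 2407, section 4.6.2) states for them, namely that port/protocol must be zero or UDP/500. The sample payloads, addresses and the ID type constants used below are taken from that RFC's layout; the sample values themselves are constructed.

```python
import struct
import ipaddress

# IPsec DOI Identification payload layout (RFC 2407 section 4.6.2):
#   Next Payload(1) RESERVED(1) Payload Length(2) ID Type(1) Protocol ID(1) Port(2) ID Data(...)
ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, ID_IPV4_ADDR_SUBNET = 1, 2, 3, 4


def build_id_payload(id_type, proto, port, data, next_payload=0):
    """Encode one ID payload; Payload Length covers the 8-byte header plus the data."""
    return struct.pack("!BBHBBH", next_payload, 0, 8 + len(data), id_type, proto, port) + data


def parse_id_payload(buf):
    """Decode one ID payload into its identity plus the protocol/port qualifiers."""
    if len(buf) < 8:
        raise ValueError("ID payload shorter than its 8-byte header")
    next_payload, _reserved, length, id_type, proto, port = struct.unpack("!BBHBBH", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("bad Payload Length %d" % length)
    data = buf[8:length]
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR needs 4 bytes of data")
        identity = str(ipaddress.IPv4Address(data))
    elif id_type == ID_IPV4_ADDR_SUBNET:
        if len(data) != 8:
            raise ValueError("ID_IPV4_ADDR_SUBNET needs address + mask")
        identity = "%s/%s" % (ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:]))
    elif id_type in (ID_FQDN, ID_USER_FQDN):
        identity = data.decode("ascii")
    else:
        identity = data.hex()  # other ID types are left opaque here
    return {"next_payload": next_payload, "id_type": id_type,
            "protocol": proto, "port": port, "identity": identity}


def check_phase1_id(parsed):
    """Phase 1 rule (RFC 2407 4.6.2): port/protocol are 0 or UDP/500, else abort the SA setup."""
    return (parsed["protocol"], parsed["port"]) in ((0, 0), (17, 500))


# Constructed Phase 2 identity: subnet 10.1.2.0/24, TCP port 80. The port qualifies the
# identity (an SA for web traffic to that subnet); ISAKMP itself still runs on UDP/500.
SAMPLE_PHASE2 = build_id_payload(ID_IPV4_ADDR_SUBNET, 6, 80, bytes([10, 1, 2, 0, 255, 255, 255, 0]))
# Constructed Phase 1 identity carrying UDP/2000: the port does not redirect ISAKMP,
# and under the DOI rule above a responder must reject it.
SAMPLE_BAD_PHASE1 = build_id_payload(ID_IPV4_ADDR, 17, 2000, bytes([192, 0, 2, 1]))
```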