[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ISAKMP Oakley resolution and ipsec doi document questions

I am confused. If port is 500 only, why are
we specifying it at all. It looks like this port
has nothing to do with identification. 

Let me try to understand. If I implement ISAKMP
and not want to use port 500, but say use port 
2000, could I use the port field to indicate to the 
receiver that the reply must be sent to port 2000
(I do not think this is the case, because the first
message of main mode exchange does not include
ID at all).


-----Original Message-----
From:	Roy Pereira [SMTP:rpereira@TimeStep.com]
Sent:	Monday, June 16, 1997 7:26 AM
To:	'baiju@ideal.jf.intel.com'; 'ipsec@tis.com'; 'Edward A. Russell'
Subject:	RE: ISAKMP Oakley resolution and ipsec doi document questions

>>2. in the doi document, who's port number is specified in
>>the identification payload? (initiator or reviver?)
>>The protocol ID and port are also in the field marked
>>reserved in the ISAKMP document. Is this intentional?
>>In my view, this should be consistent.
>The port is 500 for sending
>The port is 500 for receiving
>The port is 500 ONLY.
>I believe this came out of Memphis.

This change was due to some implementations only accepting ISAKMP
exchanges if both the source and destination ports were 500.