
RE: ISAKMP Oakley resolution and ipsec doi document questions



>>
>>Let me try to understand. If I implement ISAKMP
>>and not want to use port 500, but say use port 
>>2000, could I use the port field to indicate to the 
>>receiver that the reply must be sent to port 2000
>>(I do not think this is the case, because the first
>>message of main mode exchange does not include
>>ID at all).
>>
>
>The port in the ID payload is only used for identification and not for
>the ISAKMP protocol.  ISAKMP always uses port 500.  

I'm not sure I understand how the following statement in the ISAKMP Standard
implies that "ISAKMP always USES port 500".

Implementations MUST include support for ISAKMP using the User Datagram
Protocol (UDP) on port 500.  UDP Port 500 has been assigned to ISAKMP by
the Internet Assigned Numbered Authority (IANA). Implementations MAY
additionally support ISAKMP over other transport protocols or over IP
itself.