
Re: issues with IKE that need resolution



Saroop Mathur wrote:
> 
> It will be useful to make the port number also a list of numbers and a list
> of ranges.

Of course, you are right. Lists of ports would be useful, but maybe not
in all cases presented. For example, the (practical) usefulness of a
port list for a list of subnets seems debatable, although I suppose the
argument could be made.

I guess the bottom line is that this will require some more thought. I
know we would like a mechanism for protocol and port lists/ranges,
because the current mechanism requires a separate SA for each
port/protocol pair unless you'll accept '0' as a wildcard protocol, and
assume a non-zero port value modifies the '0' to mean TCP|UDP. This is a
hack, though, and not a very useful one at that.

Any suggestions for constructing and differentiating these port lists?
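As an added example (not code from this thread, nor from any IKE implementation), here is a constructed in-memory model of traffic selectors that contrasts the current one-SA-per-port/protocol-pair mechanism, including the '0'-as-wildcard-protocol hack described above, with selectors that carry port lists and ranges. The `Selector`, `coalesce` and `selectors_for` names and the representation are assumptions for illustration, not the IKE identification payload encoding.

```python
"""Traffic-selector matching with protocol/port lists and ranges.

Constructed illustration for the thread's point: an in-memory model,
not the IKE identification payload encoding and not code from the
thread's participants. Names and the encoding are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple, Union

PROTO_ANY = 0            # '0' as the wildcard protocol, as in the thread
ICMP, TCP, UDP = 1, 6, 17

PortSpec = Union[int, Tuple[int, int]]   # single port or inclusive (lo, hi)


def _port_in(spec: PortSpec, port: int) -> bool:
    if isinstance(spec, tuple):
        lo, hi = spec
        return lo <= port <= hi
    return port == spec


@dataclass(frozen=True)
class Selector:
    protocol: int                       # PROTO_ANY or an IP protocol number
    ports: Tuple[PortSpec, ...] = ()    # empty tuple = any port

    def matches(self, proto: int, port: int) -> bool:
        if self.protocol == PROTO_ANY:
            # The hack described in the post: protocol 0 together with a
            # non-zero port list is read as "TCP or UDP on those ports".
            if self.ports and proto not in (TCP, UDP):
                return False
        elif self.protocol != proto:
            return False
        return not self.ports or any(_port_in(s, port) for s in self.ports)


def coalesce(ports: Iterable[int]) -> Tuple[PortSpec, ...]:
    """Turn {80, 443, 8080, 8081, 8082} into (80, 443, (8080, 8082))."""
    out: List[PortSpec] = []
    run: List[int] = []
    for p in sorted(set(ports)) + [None]:   # sentinel flushes the last run
        if run and (p is None or p != run[-1] + 1):
            out.append(run[0] if len(run) == 1 else (run[0], run[-1]))
            run = []
        if p is not None:
            run.append(p)
    return tuple(out)


def selectors_for(flows: Iterable[Tuple[int, int]], lists: bool) -> List[Selector]:
    """Selectors (one SA each) needed to cover a set of (proto, port) flows.

    lists=False models the current mechanism: one SA per port/protocol pair.
    lists=True models the proposal: one selector per protocol carrying a
    list of ports and ranges.
    """
    by_proto: Dict[int, Set[int]] = {}
    for proto, port in flows:
        by_proto.setdefault(proto, set()).add(port)
    if not lists:
        return [Selector(proto, (port,))
                for proto in sorted(by_proto) for port in sorted(by_proto[proto])]
    return [Selector(proto, coalesce(ports))
            for proto, ports in sorted(by_proto.items())]


def covered(selectors: List[Selector], proto: int, port: int) -> bool:
    """True if some selector (hence some SA) would carry this flow."""
    return any(s.matches(proto, port) for s in selectors)


if __name__ == "__main__":
    # Constructed policy: web, DNS over both transports, and a port range.
    flows = [(TCP, 80), (TCP, 443), (TCP, 53), (UDP, 53),
             (TCP, 8080), (TCP, 8081), (TCP, 8082)]
    print(len(selectors_for(flows, lists=False)), "SAs without lists")  # 7
    print(len(selectors_for(flows, lists=True)), "SAs with lists")      # 2
    print(Selector(PROTO_ANY, (53,)).matches(UDP, 53))  # True (the hack)
```

With lists, the seven flows collapse to one selector per protocol, and a flow outside the policy (say TCP/23) is still rejected; the wildcard-protocol selector matches the port on TCP or UDP only, which is exactly the overloading the post calls a hack.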