
Re: ipsec through firewalls (was re:INITIAL-CONTACT issues)



"Waters, Stephen" wrote:
<trimmed...>
> 
> TCP Q:
> 
> There do seem to be some cracks showing in IKE connection phase (we have
> been using a lot of IKE duct-tape lately).  I guess it would not take us too
> long to get IKE running over TCP instead - it may be worth a try, and we may
> even offer the option for like-to-like running, if it makes life easier.
> 

I agree that there are connection-related problems with ISAKMP/IKE as
currently implemented. Perhaps a better line of questioning is this: why
was transport independence a design goal for ISAKMP to begin with, and
is it still a design goal? When you answer these questions, you
ascertain whether it is appropriate to discuss whether or not to rely
upon TCP for connection-related reliability.

Scott

