
Re: using port numbers in selectors



  I was wondering about another example of asymmetric configurations 
where negotiation in one direction succeeds and in the other fails. I
intentionally didn't use the P word. But since you asked, I don't know.
You can't express "the FTP data port" in IKE. 

  Dan.

On Tue, 22 Jun 1999 14:42:12 EDT you wrote
> ...and what do you do if the Policy says use FTP port -  but FTP-data port
> is dynamically assigned? Same for HTTP.
> 
> Dan Harkins wrote:
> 
> >   I may regret opening this up again but....
> >
> >   So what are you going to do if you're locally configured for, say,
> > "all tcp traffic" or "all IP traffic" and someone gives you an offer
> > of "tcp port X"? Refuse it?
> >
> >   Similarly, what do you do if you're configured for "all IP to the
> > 10.20.30/24 network" and someone gives you an offer to 10.20.30.87?
> > Do you refuse it?
> >
> >   Dan.
> >
> > On Tue, 22 Jun 1999 10:16:40 PDT you wrote
> > > "Steven M. Bellovin" wrote:
> > > >
> > > > Do any commercial IPSEC implementations use port numbers in their
> > > > policy databases?  The ones I've looked at this far seem to use only
> > > > IP addresses.
> > >
> > > RedCreek will be supporting ports in an upcoming release.
> 
> --
> Bronislav Kavsan
> IRE Secure Solutions, Inc.
> 100 Conifer Hill Drive  Suite 513
> Danvers, MA  01923
> voice: 978-739-2384
> http://www.ire.com
> 
> 
> 
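
The asymmetric outcome raised in this thread, as an added illustration that is not part of the original messages. It assumes a responder accepts an offer only when the offer falls entirely inside its own local policy, which is one possible answer to the "Refuse it?" question and not something the thread or IKE mandates; the `Selector` type, `covers`, `negotiate` and port 8080 standing in for "port X" are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Selector:
    """Simplified traffic selector: destination network, protocol, port."""
    network: str                    # CIDR notation
    protocol: Optional[int] = None  # None means any IP protocol
    port: Optional[int] = None      # None means any port

def covers(policy: Selector, offer: Selector) -> bool:
    """True if every packet matching `offer` also matches `policy`."""
    pol_net = ipaddress.ip_network(policy.network)
    off_net = ipaddress.ip_network(offer.network)
    if not off_net.subnet_of(pol_net):
        return False
    # A wildcard in the policy covers anything; a specific value in the
    # policy is only covered by the same specific value in the offer.
    if policy.protocol is not None and offer.protocol != policy.protocol:
        return False
    if policy.port is not None and offer.port != policy.port:
        return False
    return True

def negotiate(initiator: Selector, responder: Selector) -> bool:
    """Assumed rule: the initiator offers its own configured selector and
    the responder accepts only if that offer is within its local policy."""
    return covers(responder, initiator)

# Constructed sample policies mirroring the two cases in the thread.
ALL_TCP = Selector("0.0.0.0/0", protocol=6)
TCP_PORT_X = Selector("0.0.0.0/0", protocol=6, port=8080)
ALL_IP_TO_NET = Selector("10.20.30.0/24")
ALL_IP_TO_HOST = Selector("10.20.30.87/32")

if __name__ == "__main__":
    cases = [
        ("tcp port X -> all tcp", TCP_PORT_X, ALL_TCP),
        ("all tcp -> tcp port X", ALL_TCP, TCP_PORT_X),
        ("host -> /24 network", ALL_IP_TO_HOST, ALL_IP_TO_NET),
        ("/24 network -> host", ALL_IP_TO_NET, ALL_IP_TO_HOST),
    ]
    for label, init, resp in cases:
        print(f"{label}: {'accept' if negotiate(init, resp) else 'refuse'}")
```

Under this rule the same pair of peers succeeds or fails depending on which side initiates, so whether an SA exists depends on who sends traffic first.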

