
Re: IKE negotiation/rekeying problem with RSIP



"Tero Kivinen" <kivinen@ssh.fi> wrote:
> No, the DOI document is very clear that there are only two possible
> port numbers for ID payload, any (== zero), or 500. If you use port
> ANY (== zero), then you may also use any port you want. 

cool. thanks for clearing that up. how common (beyond the testing
sites) is this capability of using other-than-port-500 in commercial
ipsec implementations?

this would mean that it is quite possible to allow different rsip
clients behind an rsip server to register each their own ike listener
at their own port number and so enable ike sessions to be initiated
from the outside to an inside rsip client. how the outside host learns
about the particular port number to use for any given rsip client is
another matter. srv rr's? out of band?

tnx,

-gabriel


