
Re: IKE negotiation/rekeying problem with RSIP




>>>>> "Gabriel" == Gabriel Montenegro <gab@Eng.Sun.Com> writes:
    Gabriel> "Tero Kivinen" <kivinen@ssh.fi> wrote:
    >> No, the DOI document is very clear that there are only two possible
    >> port numbers for ID payload, any (== zero), or 500. If you use port
    >> ANY (== zero), then you may also use any port you want.

    Gabriel> cool. thanks for clearing that up. how common (beyond the
    Gabriel> testing sites) is this capability of using other-than-port-500
    Gabriel> in commercial ipsec implementations?

  I want to emphasize that if you use other-than-port-500 in most
implementations then you use it for both initiator and responder. 
  IKE does *NOT* use the typical "swap src/dst port and reply" method
that one is used to. 

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: mcr@sandelman.ottawa.on.ca (http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html). PGP key available.


