Re: IKE negotiation/rekeying problem with RSIP
>>>>> "Gabriel" == Gabriel Montenegro <gab@Eng.Sun.Com> writes:
Gabriel> "Tero Kivinen" <kivinen@ssh.fi> wrote:
>> No, the DOI document is very clear that there are only two possible
>> port numbers for ID payload, any (== zero), or 500. If you use port
>> ANY (== zero), then you may also use any port you want.
Gabriel> cool. thanks for clearing that up. how common (beyond the
Gabriel> testing sites) is this capability of using other-than-port-500
Gabriel> in commercial ipsec implementations?
I want to emphasize that if you use other-than-port-500 in most
implementations then you use it for both initiator and responder.
IKE does *NOT* use the typical "swap src/dst port and reply" method
that one is used to.
:!mcr!: | Cow#1: Are you worried about getting Mad Cow Disease?
Michael Richardson | Cow#2: No. I'm a duck.
Home: mcr@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
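
The ID payload rule quoted in this thread (port ANY, i.e. zero, or 500), as an added example that is not part of the original message or of any implementation discussed: a Python check a responder could apply to a received Phase 1 Identification payload. The layout assumed is the ISAKMP generic payload header followed by the IPsec DOI ID type, protocol and port fields; the function names, the accepted protocol/port pairings and the sample bytes are assumptions constructed for illustration.

```python
import struct

UDP = 17          # IP protocol number for UDP
IKE_PORT = 500    # port named in the quoted message

def parse_id_payload(buf):
    """Split an Identification payload into its header fields and data."""
    if len(buf) < 8:
        raise ValueError("truncated ID payload")
    # Generic payload header: next payload, reserved, payload length.
    next_payload, _reserved, length = struct.unpack("!BBH", buf[:4])
    if length < 8 or length > len(buf):
        raise ValueError("payload length field does not match buffer")
    # DOI-specific fields: ID type, protocol ID, port.
    id_type, protocol, port = struct.unpack("!BBH", buf[4:8])
    return {"next_payload": next_payload, "id_type": id_type,
            "protocol": protocol, "port": port, "data": buf[8:length]}

def phase1_id_ok(fields):
    """Apply the rule from the thread: port is ANY (0) or 500, nothing else.

    Assumption of this example: port 0 is accepted with protocol 0 or UDP,
    and port 500 only with protocol UDP.
    """
    protocol, port = fields["protocol"], fields["port"]
    if port == 0 and protocol in (0, UDP):
        return True, "port ANY"
    if port == IKE_PORT and protocol == UDP:
        return True, "UDP/500"
    return False, "protocol %d port %d not allowed in Phase 1 ID" % (protocol, port)

def build_id(protocol, port, addr=bytes([192, 0, 2, 1])):
    """Constructed sample: ID_IPV4_ADDR (type 1) payload for 192.0.2.1."""
    body = struct.pack("!BBH", 1, protocol, port) + addr
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

if __name__ == "__main__":
    # Constructed inputs: two acceptable ID payloads and one that is rejected.
    for proto, port in [(0, 0), (UDP, 500), (UDP, 1024)]:
        ok, why = phase1_id_ok(parse_id_payload(build_id(proto, port)))
        print(proto, port, "accept" if ok else "reject", why)
```

The check covers only the fields inside the ID payload; the UDP port the exchange itself runs on is a separate matter, which is what the message above addresses.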