
Re: suggested clarification regarding port handling in ike



  Hi Gabriel,

On Sat, 20 Nov 1999 10:54:45 PST you wrote
> dan and dave,
> 
> judging from exchanges on the mailing list, it seems like it is
> worthwhile to document further details about common practices
> regarding port handling in ike. 
> 
> since the ike document is currently being revised:
> 
>  http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-01.txt
> 
> may i suggest the following blurb (or something along its lines)
> be added perhaps as a further clarification in section 2.3?:
> 
> 	IKE implementations MUST support UDP port 500 for both source
> 	and destination, but other port numbers are also allowed.
> 	If an implementation allows other-than-port-500 for IKE,
> 	it sets the value of the port numbers as reported in the 
> 	ID payload to 0 (meaning "any port"), instead of 500. UDP port numbers
> 	(500 or not) are handled by the common "swap src/dst port and reply" 
> 	method. 

IKE uses ISAKMP as a transport and it seems to me that any verbiage
needed to clarify the use of that transport should go in a son-of-ISAKMP
draft. In addition, the ID payloads are typically exchanged so late in
the exchange that this information would not be useful. A Main Mode
exchange will have 4 packets exchanged before the Responder would
obtain the Initiator's ID payload informing him that the Initiator
allows for an other-than-port-500 port.

  Dan.