
suggested clarification regarding port handling in ike



dan and dave,

judging from exchanges on the mailing list, it seems like it is
worthwhile to document further details about common practices
regarding port handling in ike. 

since the ike document is currently being revised:

 http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-01.txt

may i suggest the following blurb (or something along its lines)
be added perhaps as a further clarification in section 2.3?:

	IKE implementations MUST support UDP port 500 for both source
	and destination, but other port numbers are also allowed.
	If an implementation allows other-than-port-500 for IKE,
	it sets the value of the port numbers as reported in the 
	ID payload to 0 (meaning "any port"), instead of 500. UDP port numbers
	(500 or not) are handled by the common "swap src/dst port and reply" 
	method. 

tnx,

-gabriel
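As an added example, not part of this message or the IKE draft, here is a small Python model of the proposed rule: a phase-1 ID_IPV4_ADDR payload encoder and parser that reports port 0 ("any") or 500 as described, a responder-side acceptance check, and the "swap src/dst port and reply" addressing. The payload layout follows the ISAKMP/IPsec DOI Identification payload (RFC 2407); the function names and the acceptance of an all-zero protocol/port pair are my assumptions.

```python
import struct

ID_IPV4_ADDR = 1   # ID type from the IPsec DOI (RFC 2407)
PROTO_UDP = 17
IKE_PORT = 500
ANY_PORT = 0       # "any port", per the proposed clarification


def build_id_payload(ipv4, allow_other_ports, next_payload=0):
    """Encode a phase-1 ID_IPV4_ADDR payload.

    Port is 0 ("any") when this implementation accepts non-500 IKE
    ports, otherwise 500. Layout: next payload, reserved, length,
    ID type, protocol ID, port, identification data (big-endian).
    """
    port = ANY_PORT if allow_other_ports else IKE_PORT
    data = bytes(int(o) for o in ipv4.split("."))
    if len(data) != 4:
        raise ValueError("expected a dotted-quad IPv4 address")
    hdr = struct.pack("!BBHBBH", next_payload, 0, 8 + len(data),
                      ID_IPV4_ADDR, PROTO_UDP, port)
    return hdr + data


def parse_id_payload(raw):
    """Return (protocol, port, address) or raise on a malformed payload."""
    _, _, length, id_type, proto, port = struct.unpack("!BBHBBH", raw[:8])
    if length != len(raw) or id_type != ID_IPV4_ADDR or len(raw) != 12:
        raise ValueError("unsupported or malformed ID payload")
    return proto, port, ".".join(str(b) for b in raw[8:12])


def id_port_acceptable(proto, port):
    """Phase-1 ID port check: UDP/500, UDP/0 (any), or unspecified 0/0 (assumed)."""
    return (proto, port) in ((PROTO_UDP, IKE_PORT), (PROTO_UDP, ANY_PORT), (0, 0))


def handle_request(src, dst, id_raw, allow_other_ports):
    """Responder: validate the peer's ID port, then 'swap src/dst and reply'.

    src/dst are (ip, port) of the received UDP datagram. Returns the
    reply's (src, dst) addressing and the ID payload we send back.
    """
    proto, port, _ = parse_id_payload(id_raw)
    if not id_port_acceptable(proto, port):
        raise ValueError(f"rejecting ID payload with proto {proto} port {port}")
    if not allow_other_ports and (src[1] != IKE_PORT or dst[1] != IKE_PORT):
        raise ValueError("non-500 IKE port not permitted by local policy")
    return dst, src, build_id_payload(dst[0], allow_other_ports)
```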
