Re: phase 2 and ports
Jan is right. We used to have port ranges and similar features for
SPD configuration in the I-D precursor to RFC 2401, but they were
deleted because IKE didn't support them and nobody wanted to change
the IKE spec.
Note that we have a WG on IP security policy and it is exploring
ways to offer real negotiation for IPsec peers, prior to IKE
exchanges. That way one need not add complexity to IKE but one can
offer more sophisticated negotiation capabilities.
Steve