[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Protocol specific and port specific SAs

To: ipsec@lists.tislabs.com
Subject: Re: Protocol specific and port specific SAs
From: Joern Sierwald <joern.sierwald@F-Secure.com>
Date: Mon, 04 Sep 2000 17:20:19 +0200
In-Reply-To: <0B3F42CA1FB6D2118FE50008C7894B0A051A967D@eseis06nok>
Sender: owner-ipsec@lists.tislabs.com

At 16:23 4.9.2000 +0300, Antonia wrote:

 >	So the thing here is: Should IKE send the protocol number specified
 >in the selector when the SA is shared? 

No. If you set it to tcp, you can only transmit tcp data through it.

Lots of us will filter on protocols, lists of port ranges, tcp directions
and whatever.
But you can't negotiate or announce that kind of filtering in IKE. Use
zeros in this case.

Jörn

References:

Protocol specific and port specific SAs

From: antonio.barrera@nokia.com

Prev by Date: Protocol specific and port specific SAs
Next by Date: Re: Protocol specific and port specific SAs
Prev by thread: Protocol specific and port specific SAs
Next by thread: Re: Protocol specific and port specific SAs
Index(es):
- Main
- Thread