[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Getting focus for son-of-IKE
Scott Kelly wrote:
>
> Stephen Kent wrote:
> >
> > Paul,
> >
> > I generally like your analysis for IKE, but I would also like to
> > suggest that there may be a few "added functions" that should be on
> > the list. For example, we stripped out several negotiation features
> > for phase II which had been supported in the SPD, e.g., port ranges
> > or lists vs. individual port numbers. I'd like to see these added
> > back.
> >
> > Steve
>
> I agree with Steve. In general, I would like to see a more comprehensive
> selector specification mechanism in IKE.
>
> Scott
Definitely, if possible! We, like many others, support firewall functionality,
and can specify allowed traffic very finely in terms of local / remote port
numbers. Since these cannot be specified in IKE, the end result is potentially
very confusing for customers.
Ari
--
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Integrated Solutions for Enterprise Security
References: