[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Protection of port 500

To: thorpej@zembu.com
Subject: Re: Protection of port 500
From: Pervaiz Rizvi <shoaib21@juno.com>
Date: Mon, 15 Jan 2001 12:44:06 -0800
Cc: shoaib21@juno.com, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Do you mean IPsec implementations silently
ignore the configured policy to protect
udp/500 with IPsec?

Pervaiz

On Mon, 15 Jan 2001 00:37:21 -0800 Jason R Thorpe <thorpej@zembu.com>
writes:
> On Sun, Jan 14, 2001 at 09:09:12PM -0800, Pervaiz Rizvi wrote:
> 
>  > Since IPsec uses UDP500 for key exchange,
>  > how does it know to ignore configurations
>  > that seek to protect udp/500 with IPsec?
>  > If this were allowed, presumably the IPsec
>  > stack would go into an unterminating recursion.
> 
> Presumably the IKE daemon would change the policy for the
> communication endpoints it is using.
> 
> -- 
>         -- Jason R. Thorpe <thorpej@zembu.com>

Follow-Ups:

Re: Protection of port 500

From: Jason R Thorpe <thorpej@zembu.com>

Re: Protection of port 500

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: Inbound processing of ESP packet
Next by Date: Re: Protection of port 500
Prev by thread: Re: Protection of port 500
Next by thread: Re: Protection of port 500
Index(es):
- Main
- Thread