[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Protection of port 500
Do you mean IPsec implementations silently
ignore the configured policy to protect
udp/500 with IPsec?
Pervaiz
On Mon, 15 Jan 2001 00:37:21 -0800 Jason R Thorpe <thorpej@zembu.com>
writes:
> On Sun, Jan 14, 2001 at 09:09:12PM -0800, Pervaiz Rizvi wrote:
>
> > Since IPsec uses UDP500 for key exchange,
> > how does it know to ignore configurations
> > that seek to protect udp/500 with IPsec?
> > If this were allowed, presumably the IPsec
> > stack would go into an unterminating recursion.
>
> Presumably the IKE daemon would change the policy for the
> communication endpoints it is using.
>
> --
> -- Jason R. Thorpe <thorpej@zembu.com>
Follow-Ups: