Re: Protection of port 500
Just to clarify, the exception should be for UDP/500 and all the
interfaces out of which you'll be speaking IKE. It is conceivable
that people might want to set up a "tunnel in a tunnel" and that
would entail a policy protecting UDP/500 for another gateway.
Dan.
On Mon, 15 Jan 2001 17:05:39 EST you wrote
> On Mon, 15 Jan 2001, Pervaiz Rizvi wrote:
> > Do you mean IPsec implementations silently
> > ignore the configured policy to protect
> > udp/500 with IPsec?
>
> A configured policy which does not include an exception for UDP/500
> (perhaps subject to other constraints) is erroneous and should be reported
> as such.
>
> Henry Spencer
> henry@spsystems.net
>
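
The check discussed in this thread, as an added example that is not part of the original messages or of any IPsec implementation: a policy linter that reports an error when an interface speaking IKE has no UDP/500 exception, while accepting a peer-specific protect rule (the "tunnel in a tunnel" case). The ordered first-match rule list, the Rule fields, and the addresses and interface names are assumptions made for illustration.

```python
from dataclasses import dataclass

IKE_PROTO, IKE_PORT, ANY = "udp", 500, "any"

@dataclass(frozen=True)
class Rule:            # hypothetical policy entry, evaluated first-match
    iface: str         # interface name or ANY
    proto: str         # "udp", "tcp", ... or ANY
    port: object       # local port number or ANY
    remote: str        # peer address or ANY
    action: str        # "bypass", "protect" or "discard"

def covers_ike(rule, iface):
    """True if the rule's selector matches UDP/500 on this interface."""
    return (rule.iface in (iface, ANY)
            and rule.proto in (IKE_PROTO, ANY)
            and rule.port in (IKE_PORT, ANY))

def check_policy(rules, ike_ifaces):
    """Return error strings; an empty list means every IKE interface is exempted."""
    errors = []
    for iface in ike_ifaces:
        for idx, rule in enumerate(rules):
            if not covers_ike(rule, iface):
                continue
            if rule.action == "bypass":
                break                      # the UDP/500 exception exists
            if rule.remote != ANY:
                continue                   # protects IKE to one other gateway only
            errors.append(f"{iface}: rule {idx} applies '{rule.action}' "
                          "to UDP/500 before any exception")
            break
        else:
            errors.append(f"{iface}: no rule exempts UDP/500")
    return errors

# Constructed sample policies (documentation addresses, made-up interfaces).
GOOD = [Rule(ANY, "udp", 500, "192.0.2.7", "protect"),   # tunnel in a tunnel
        Rule("eth0", "udp", 500, ANY, "bypass"),
        Rule(ANY, ANY, ANY, ANY, "protect")]
BAD = [Rule("eth0", "udp", 500, ANY, "bypass"),          # eth1 has no exception
       Rule(ANY, ANY, ANY, ANY, "protect")]

if __name__ == "__main__":
    print(check_policy(GOOD, ["eth0"]))
    print(check_policy(BAD, ["eth0", "eth1"]))
```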