
Re: Protection of port 500



  Just to clarify, the exception should be for UDP/500 and all the
interfaces out of which you'll be speaking IKE. It is conceivable
that people might want to set up a "tunnel in a tunnel" and that
would entail a policy protecting UDP/500 for another gateway.

  Dan.

On Mon, 15 Jan 2001 17:05:39 EST you wrote
> On Mon, 15 Jan 2001, Pervaiz Rizvi wrote:
> > Do you mean IPsec implementations silently
> > ignore the configured policy to protect
> > udp/500 with IPsec?
> 
> A configured policy which does not include an exception for UDP/500
> (perhaps subject to other constraints) is erroneous and should be reported
> as such. 
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 
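
The check discussed in this thread, as an added example (not code from the thread or from any IPsec implementation): it reports a policy as erroneous when UDP/500 is not bypassed on an interface that speaks IKE, while still allowing a rule that protects UDP/500 toward another gateway. The `Rule` layout, the first-match-wins ordering, the `ike_peers` map and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

IKE_PORT = 500  # UDP port used by IKE, as in the thread

@dataclass(frozen=True)
class Rule:
    iface: str            # interface the selector is bound to, "*" = any
    proto: str            # "udp", "tcp", ... or "*" = any
    port: Optional[int]   # port selector, None = any
    remote: str           # remote address, "*" = any
    action: str           # "bypass", "protect" or "discard"

def first_match(spd, iface, proto, port, remote):
    """Return the first rule of the ordered policy that matches, else None."""
    for r in spd:
        if (r.iface in ("*", iface) and r.proto in ("*", proto)
                and r.port in (None, port) and r.remote in ("*", remote)):
            return r
    return None

def check_ike_exception(spd, ike_peers):
    """ike_peers maps interface -> peers we speak IKE to directly (hypothetical).
    Returns a list of error strings; an empty list means the policy is acceptable."""
    errors = []
    for iface, peers in sorted(ike_peers.items()):
        for peer in peers:
            r = first_match(spd, iface, "udp", IKE_PORT, peer)
            action = r.action if r else "no rule"
            if action != "bypass":
                errors.append(
                    f"{iface}: UDP/{IKE_PORT} to {peer} is '{action}', expected bypass")
    return errors

# Constructed sample policies (documentation addresses).
GOOD = [
    Rule("eth0", "udp", 500, "192.0.2.20", "protect"),  # tunnel in a tunnel
    Rule("eth0", "udp", 500, "*", "bypass"),            # the IKE exception
    Rule("eth0", "*", None, "*", "protect"),
]
BAD = [Rule("eth0", "*", None, "*", "protect")]         # no exception at all
PEERS = {"eth0": ["192.0.2.10"]}

if __name__ == "__main__":
    for name, spd in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ike_exception(spd, PEERS) or "ok")
```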

