
Re: Protection of port 500



Henry,

>On Mon, 15 Jan 2001, Pervaiz Rizvi wrote:
>  > Do you mean IPsec implementations silently
>  > ignore the configured policy to protect
>  > udp/500 with IPsec?
>
>A configured policy which does not include an exception for UDP/500
>(perhaps subject to other constraints) is erroneous and should be reported
>as such.


A UDP/500 SPD entry applies to subscriber traffic, and thus 
determines whether a subscriber behind the IPsec implementation 
(especially appropriate in an SG). However, an IPsec implementation 
can send and receive traffic for ITSELF independent of SPD/SAD 
entries.

Steve


