Re: Protection of port 500
Henry,
>On Mon, 15 Jan 2001, Pervaiz Rizvi wrote:
> > Do you mean IPsec implementations silently
> > ignore the configured policy to protect
> > udp/500 with IPsec?
>
>A configured policy which does not include an exception for UDP/500
>(perhaps subject to other constraints) is erroneous and should be reported
>as such.
A UDP/500 SPD entry applies to subscriber traffic, and thus
determines whether a subscriber behind the IPsec implementation
(especially appropriate in an SG). However, an IPsec implementation
can send and receive traffic for ITSELF independent of SPD/SAD
entries.
Steve