[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEv2: prepending four octets
Hi,
> You prepend four zeros to IKE messages, because no
>IPsec-encapsulated-in-UDP message begins with four zeros. An encapsulated
>IPSec packet begins with the SPI which is always non-zero. Adding four
>zeros to the beginning of an IKE message makes it possible to distinguish
>IKE messages from encapsulated IPSec packets.
>
>
IKEv2 is being defined fresh. Why can't we use port 500 for the purpose of
NAT Traversal. If we make this packet also containing first four bytes after
UDP header as 0s in case of IKE packet, then there is no need for port 4500
--Ravi
>Hope this helps
>
>Yoav
>
>-----Original Message-----
>From: owner-ipsec@lists.tislabs.com
>[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of ravi
>Sent: Tuesday, March 18, 2003 10:11 AM
>To: ipsec@lists.tislabs.com
>Subject: IKEv2: prepending four octets
>
>
>Dear All,
>I am going through the ikev2-0.5 draft.It says
>In the IKE header when sent on UDP port 4500 ,IKE messages have
>prepended four octets of Zero.
>
>My doubt is what made to prepend four octets of Zeroes before the IKE
>message.
>Thanks in advance,
>Ravi Kumar CH.
>
>
>
>
>