
Re: IKEv2: prepending four octets



On Wed, 2003-03-19 at 10:35, ravi wrote:
> IKEv2 is being defined fresh. Why can't we use port 500 for the purpose of
> NAT Traversal? If we make this packet also contain the first four bytes after
> the UDP header as 0s in the case of an IKE packet, then there is no need for port 4500.
This is to avoid any IKE aware NAPT devices present in between playing
smart. These devices make use of the SPI field to uniquely identify the
source behind the NAPT.

For more details please go through sections 9.1 to 9.3 of
draft-ietf-ipsec-ikev2-tutorial-01.txt.

Hope this helps
vinay

> 
> --Ravi
> 
> >Hope this helps
> >
> >Yoav
> >
> >-----Original Message-----
> >From: owner-ipsec@lists.tislabs.com
> >[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of ravi
> >Sent: Tuesday, March 18, 2003 10:11 AM
> >To: ipsec@lists.tislabs.com
> >Subject: IKEv2: prepending four octets
> >
> >
> >Dear All,
> >I am going through the ikev2-0.5 draft. It says
> >In the IKE header when sent on UDP port 4500, IKE messages have
> >prepended four octets of Zero.
> >
> >My doubt is what made to prepend four octets of Zeroes before the IKE
> >message.
> >Thanks in advance,
> >Ravi Kumar CH.
> >
> >
> >
> >  
> >
> 
> 
>
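
Added example, not part of the thread or of any draft: a receiver on UDP port 4500 sees both IKE and UDP-encapsulated ESP, and the four zero octets sit where ESP carries its SPI, so a zero first word marks the datagram as IKE. The function names and sample datagrams below are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # the four zero octets prepended to IKE on UDP 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # fixed 28-octet IKE header
ESP_HDR = struct.Struct("!II")          # ESP starts with the SPI, then the sequence number


def classify_udp4500(payload: bytes):
    """Classify one UDP port 4500 payload as ('ike' | 'esp' | 'invalid', detail)."""
    if len(payload) < 4:
        return "invalid", "shorter than four octets"
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]                        # strip the marker before parsing
        if len(ike) < IKE_HDR.size:
            return "invalid", "truncated IKE header"
        i_spi, _r_spi, _np, version, exch, _flags, msg_id, length = IKE_HDR.unpack_from(ike)
        if length != len(ike):                   # header length must cover the datagram
            return "invalid", "IKE length field does not match datagram"
        return "ike", {"initiator_spi": i_spi.hex(), "major_version": version >> 4,
                       "exchange_type": exch, "message_id": msg_id}
    if len(payload) < ESP_HDR.size:
        return "invalid", "truncated ESP header"
    spi, seq = ESP_HDR.unpack_from(payload)      # non-zero first word is read as an ESP SPI
    return "esp", {"spi": spi, "seq": seq}


def build_ike_header(i_spi: bytes, exch: int, msg_id: int) -> bytes:
    """Constructed sample: a bare IKE header (version 2.0, initiator flag) with no payloads."""
    return IKE_HDR.pack(i_spi, b"\x00" * 8, 0, 0x20, exch, 0x08, msg_id, IKE_HDR.size)


# Constructed sample datagrams (not captured traffic).
SAMPLE_IKE = build_ike_header(bytes.fromhex("1122334455667788"), 34, 0)
SAMPLE_ESP = ESP_HDR.pack(0xC0FFEE01, 7) + b"\xaa" * 16

if __name__ == "__main__":
    print(classify_udp4500(NON_ESP_MARKER + SAMPLE_IKE))  # IKE carrying the marker
    print(classify_udp4500(SAMPLE_ESP))                   # ESP-in-UDP
    print(classify_udp4500(SAMPLE_IKE))                   # marker missing: parsed as ESP
```

The last call shows the ambiguity the marker removes: without it, the first four octets of the initiator SPI are taken for an ESP SPI.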