[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

complication in ikev2

To: ipsec@lists.tislabs.com
Subject: complication in ikev2
From: Ravi <ravivsn@roc.co.in>
Date: Wed, 26 Mar 2003 19:09:29 +0530
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

May I know why ikev2 should listen on both 500 and 4500.?What purpose does it solve? In my view, we are complicating the protocol and implementation by doing this. If both IKEv1 and IKEv2 exist (most probably they exist as separate processes or tasks and it is easy if we let IKEv1 and V2 exist separately), ikev1 can listen on port 500 and ikev2 listen on 4500. On the initiating side, if it has both v1 and v2, first it can try contacting the responder with port 4500 i.e. IKEv2. If it does not get response in certain duration, it can assume that IKEV2 is not supported by the responder and it can fallback onto the ikev1 which sends packets onto port 500. Also implementation wise it makes it easy and ikev1 and ikev2 can come from two different vendors and typically TCP/IP stacks don't allow two sockets listening on same port. -- The views presented in this mail are completely mine. The company is not responsible for whatsoever. ---------- Ravi Kumar CH Rendezvous On Chip (i) Pvt Ltd Hyderabad, India Ph: +91-40-2335 1214 / 1175 / 1184 ROC home page

Follow-Ups:
- Re: complication in ikev2
  - From: Antonio Forzieri <antonio.forzieri@cefriel.it>

Prev by Date: Re: me tarzan- me jane suggested text change
Next by Date: Re: AES-based PRF for IKEv2
Prev by thread: RE: IKEv2:limitation of 4k for UDP payload
Next by thread: Re: complication in ikev2
Index(es):
- Date
- Thread