
Re: [Ipsec] ESP usage at IETF65




>>>>> "Black" == Black David <Black_David@xxxxxxx> writes:
    Black> I might have been one of the UDP users.  My VPN client
    Black> defaults to UDP for NAT traversal (right answer, in a hotel,
    Black> there's usually a NAT between me and the Internet), and has
    Black> to be explicitly told to use native ESP.  I don't always tell
    Black> it to do so ...

  I find this weird.

  IKE is well able to determine when there is a NAT inline... the only
times that I've had to force UDP, I also have to tell IKE to use another
port other than 500. (Port-53... for instance)

  UDP-ESP traffic should be recognizable either from port-4500, or
possibly from looking for 4-bytes of zeroes in the payload for the IKE
non-ESP stuff.

  Anyway, I posted to celebrate our success.

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxx      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [





_______________________________________________
Ipsec mailing list
Ipsec@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ipsec
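
The port-4500 and four-zero-byte checks mentioned in the message above, as an added example that is not part of the original post: a classifier for UDP payloads that separates IKE, UDP-encapsulated ESP and NAT keepalives. The function names and sample datagrams are constructed for illustration; the 0xFF keepalive and the 28-byte IKE header layout are assumed from RFC 3948 and the IKE header format.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500                        # port named in the message above
NON_ESP_MARKER = b"\x00" * 4             # the "4 bytes of zeroes" that precede IKE
IKE_HDR = struct.Struct("!8s8sBBBBII")   # fixed 28-byte IKE header

def classify(src_port, dst_port, payload):
    """Return (kind, detail) for one UDP datagram's payload."""
    # A NAT may rewrite one side's port, so accept 4500 on either end.
    if NAT_T_PORT not in (src_port, dst_port):
        return ("other", None)
    if payload == b"\xff":               # one-byte NAT keepalive
        return ("nat-keepalive", None)
    if len(payload) < 8:                 # too short for ESP SPI + sequence number
        return ("malformed", None)
    if payload[:4] == NON_ESP_MARKER:    # zero marker: IKE follows, not ESP
        body = payload[4:]
        if len(body) < IKE_HDR.size:
            return ("malformed", None)
        _, _, _, version, exchange, _, msg_id, _ = IKE_HDR.unpack_from(body)
        return ("ike", {"major": version >> 4, "exchange": exchange,
                        "msg_id": msg_id})
    # Non-zero first word: it is the ESP SPI, followed by the sequence number.
    spi, seq = struct.unpack_from("!II", payload)
    return ("udp-esp", {"spi": spi, "seq": seq})

def summarize(datagrams):
    """Count datagram kinds in an iterable of (src_port, dst_port, payload)."""
    return Counter(classify(*d)[0] for d in datagrams)

# Constructed sample datagrams (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + IKE_HDR.pack(b"A" * 8, b"\x00" * 8,
                                           33, 0x20, 34, 0x08, 0, 28)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16
SAMPLES = [
    (31337, 4500, SAMPLE_IKE),     # client behind NAT, translated source port
    (4500, 4500, SAMPLE_ESP),
    (4500, 4500, b"\xff"),
    (4500, 4500, b"\x00\x00"),     # truncated
    (40000, 53, SAMPLE_ESP),       # not on the NAT-T port
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```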