(usagi-users 02247) Re: IPSec over TCP
- To: "BUYCK Jacky FTRD/DMI/CAE" <jacky.buyck@xxxxxxxxxxxxxxxxxxxx>
- Subject: (usagi-users 02247) Re: IPSec over TCP
- From: Peter Bieringer <pb@xxxxxxxxxxxx>
- Date: Sun, 02 Mar 2003 09:44:01 +0100
- Cc: Maillist USAGI-users <usagi-users@xxxxxxxxxxxxxx>
- In-reply-to: <C691E039D3895C44AB8DFD006B950FB4013FC832@lanmhs50.rd.francetelecom.fr>
- References: <C691E039D3895C44AB8DFD006B950FB4013FC832@lanmhs50.rd.francetelecom.fr>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
Hi,
I got a reply from Check Point.
Regarding the IKE over TCP issue:
they use port 500/tcp, which is also assigned to IKE, without any known protocol
differences. The reason was the existence of lame NAT devices that do not
handle fragmented UDP packets well.
Surely the same was the reason for implementing the feature in the Cisco
VPN concentrator as well.
For IPv6: no need to implement, because here we have no NAT and
fragmentation will be handled per link.
General: it can be discussed whether pluto is also able to listen on 500/tcp
via a control switch.
Peter
--
Dr. Peter Bieringer http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de
Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/