Re: [suse-security] how to enable ipsec over firewall?
>>> As far as I understand, Ip Port 50 and UDP 500 play a special role
>> Exactly - the communication goes up on port 50 with protocol 50 using udp.
> ???
> Ipsec uses *IP protocol* number 50 (IPv6-Crypt, look at /etc/protocols) for data exchange, and *UDP port* number 500 (isakmp -> /etc/services) for key exchange.
> Please don't complicate matters further by confusing ports and protocols...

Just my typo. But with the complete compliance via the word "exactly" everybody? should see it as what it is : just a typo :O)

Yours Michael
Hi!

On Tue, 17 Sep 2002, GentooRulez wrote:
>>>> As far as I understand, Ip Port 50 and UDP 500 play a special role
>>> Exactly - the communication goes up on port 50 with protocol 50 using udp.
>> ???
>> Ipsec uses *IP protocol* number 50 (IPv6-Crypt, look at /etc/protocols) for data exchange, and *UDP port* number 500 (isakmp -> /etc/services) for key exchange.
>> Please don't complicate matters further by confusing ports and protocols...
> Just my typo. But with the complete compliance via the word "exactly" everybody? should see it as what it is : just a typo :O)

No offense meant. (Typos happen - I had my share of them, too :-)). However: both the original sentence:

> As far as I understand, Ip Port 50 and UDP 500 play a special role

and your answer:

> Exactly - the communication goes up on port 50 with protocol 50 using udp.

are a little off the mark. There is no "IP port 50" (the protocols UDP and TCP do have ports, IP in itself doesn't); and "protocol 50 using UDP" doesn't make much sense either (UDP is protocol 17).

I just wanted to clarify things (a little). Precision *is* important when fiddling with firewall rules... :-)

Cheers,
Martin
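An added example, not part of the original thread: the distinction drawn above, shown on raw IPv4 packets. The protocol number sits in the IP header itself, while ports exist only inside the UDP header, so a UDP datagram to port 50 is not IPsec data. The packets, addresses, SPI value and helper names are constructed for illustration.

```python
import socket
import struct

IPPROTO_UDP = 17   # UDP, as stated in the thread
IPPROTO_ESP = 50   # IPsec data (ESP), matched by IP protocol number
IKE_PORT = 500     # isakmp key exchange, matched by UDP port

def ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Build a constructed 20-byte IPv4 header (checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    """Build a constructed UDP header (checksum left 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Report what a packet filter can match on in a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, body = packet[9], packet[ihl:]  # byte 9 = IP protocol number
    if proto == IPPROTO_ESP:
        if len(body) < 8:
            return "malformed"
        spi, seq = struct.unpack("!II", body[:8])  # ESP has no port fields
        return f"esp spi=0x{spi:08x} seq={seq}"
    if proto == IPPROTO_UDP:
        if len(body) < 8:
            return "malformed"
        _sport, dport = struct.unpack("!HH", body[:4])
        return "ike" if dport == IKE_PORT else f"udp dport={dport}"
    return f"other proto={proto}"

# Constructed samples: ESP data, IKE key exchange, and the "port 50" mix-up.
ESP_PKT = ipv4(IPPROTO_ESP, struct.pack("!II", 0x1000, 1) + b"\x00" * 16)
IKE_PKT = ipv4(IPPROTO_UDP, udp(500, 500, b"\x00" * 28))
UDP50_PKT = ipv4(IPPROTO_UDP, udp(4000, 50))

if __name__ == "__main__":
    for name, pkt in [("esp", ESP_PKT), ("ike", IKE_PKT), ("udp/50", UDP50_PKT)]:
        print(f"{name:7} -> {classify(pkt)}")
```

A rule set that allows IPsec therefore needs two separate matches: one on IP protocol 50 and one on UDP port 500.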
Participants (2): GentooRulez, Martin Köhling