[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd and icmp dependencies

To: Todd Boyer <TBoyer@smcteam.com>
Subject: Re: isakmpd and icmp dependencies
From: Hakan Olsson <ho@rfc.se>
Date: Mon, 8 Sep 2003 16:18:21 +0200 (CEST)
Cc: "'misc@openbsd.org'" <misc@openbsd.org>
References: <57285DEF22B5634F8DDED46E1D9B74C982B346@gudis-dc.linthicum.md.smcteam.com>

On Mon, 8 Sep 2003, Todd Boyer wrote:

> How dependant is isakmpd on being able to echo icmp responses from peers?

isakmpd (i.e the IKE protocol) uses UDP port 500, only. No ICMP.
IPsec uses IP protocol 50 or 51, no ICMP there either.

That said, you can get ICMP responses for various reasons due to these
packets, as always with IP. Any such responses will most likely be ignored
-- there's not much you can do about them, protocolwise. :)

For workarounds, see Cedric Berger's answer about PMTU etc.

/H

References:
- isakmpd and icmp dependencies
  - From: Todd Boyer <TBoyer@smcteam.com>

Prev by Date: Re: Problems with updating quotas
Next by Date: hello again I do not know what to do.
Prev by thread: Re: isakmpd and icmp dependencies
Next by thread: Re: isakmpd and icmp dependencies
Index(es):
- Date
- Thread