On Thu, 16 Feb 2012, Yoav Nir wrote:
Are you really telling me they are using a private numbers from the
internet draft that expired more than 10 years ago, and which is not
compatible with the RFC3947 (which (which was published January 2005,
i.e. 7 years ago).
They don't always do that. But looking at their MainMode packet 1 in wireshark,
They send the following VIDs:
- RFC 3947 Negotiation of the NAT-Traversal in the IKE
- draft-ietf-ipsec-nat-t-ike
- draft-ietf-ipsec-nat-t-ike-08
- draft-ietf-ipsec-nat-t-ike-07
- draft-ietf-ipsec-nat-t-ike-06
- draft-ietf-ipsec-nat-t-ike-05
- draft-ietf-ipsec-nat-t-ike-04
- draft-ietf-ipsec-nat-t-ike-03
- draft-ietf-ipsec-nat-t-ike-02
- draft-ietf-ipsec-nat-t-ike-02\n
- RFC 3706 DPD (Dead Peer Detection)
I guess what they later do depends on what VID they get in the reply. There
were quite a few versions of Windows server that returned 90cb80…427b1f
(draft-ietf-ipsec-nat-t-ike-02\n), so maybe Paul's implementation was a
surprise for iOS.
I'll make sure this is not an implementation issue on our side.
Did any large deployment switch to removing all the draft VIDs? If so,
how many problems did that cause? I'd be happy to remove the ancient
drat cruft, especially if it increases interoperability.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
