Mmm, a little baffled it was not more clearly stated than that, as I always took this for granted, as all following discussions on the port topic related to NAT-T do imply this restriction. Maybe these restriction concerns (limited to src port 500) were in fact a reaction towards "broken" implementations. OK, apologies then ;)

On Thu, Jan 29, 2004 at 09:19:08AM +0000, Ryan McBride wrote:
> On Thu, Jan 29, 2004 at 10:04:22AM +0100, Jean-Francois Dive wrote:
> > Well, this is not a bug but an initial requirement of the IKE RFCs. We
> > can discuss its validity, but I doubt this can be considered as a
> > problem with the connectivity.
>
> All the RFC says is that at minimum, an implementation must support
> sending and receiving ISAKMP using UDP on port 500. It says nothing
> about not accepting packets with different source ports:
>
> 2.5.1 Transport Protocol
>
>    ISAKMP can be implemented over any transport protocol or over IP
>    itself. Implementations MUST include send and receive capability for
>    ISAKMP using the User Datagram Protocol (UDP) on port 500. UDP Port
>    500 has been assigned to ISAKMP by the Internet Assigned Numbers
>    Authority (IANA). Implementations MAY additionally support ISAKMP
>    over other transport protocols or over IP itself.
>
> -Ryan

--
-> Jean-Francois Dive
--> [EMAIL PROTECTED]

I think that God in creating Man somewhat overestimated his ability.
-- Oscar Wilde
