IPSec and TCP

Markus Hofmann markus at hofmar.de
Tue Oct 5 12:53:47 EDT 1999


On Tue, 5 Oct 1999, John Smith wrote:

>  I'm new to IPSec and am trying to find a way to squeeze it through a
>  proxy-based firewall. It appears that IPSec is not TCP-based, but rather
>  uses another protocol. Is this the case? If so, does anyone know of a
>  firewall that proxies non-TCP or UDP based protocols?

IPSec uses IP Protocol 51 for AH-Transformations and 50 for
ESP-Transformations.
For IKE the IP Protocol 17 (UDP) Port 500 is used.
(TCP in addition is IP Protocol 6....)
I dont't know a firewall that proxies that Protocols, but in many
packetfilter modules you could define, that these protocols could pass the
filter engine.

ciao

M. Hofmann

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Markus Hofmann          Phone:    +49 170 2848250
St. Urbanusstr. 15      Fax:      +49 9371 2032
                        E-Mail:   hofmann at hofmar.de
63927 Buergstadt        SMS-Mail: sms at hofmar.de (Only Subject)
Germany                 PGP-Keys: look at http://www.hofmar.de
---------------------------------------------------------------------
         Only written with 100% recycleable electrons!

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************




More information about the VPN mailing list