Virtual Private Networks Proxy ID and RFC

Subject Author Date
Proxy ID and RFC pvsnmp 03-23-06
---> Re: Proxy ID and RFC Stephen J. Beva...03-26-06
Posted by on March 23, 2006, 3:53 pm
Hi,
Can someone tell me if the concept of proxyID in IKE Phase2 is from any
RFC? If yes, which one is it?
If no, who was the first vendor to come up with this idea?

Thanks and Regards,
Prashant


Posted by Stephen J. Bevan on March 26, 2006, 8:53 pm
pvsnmp@yahoo.com writes:
> Can someone tell me if the concept of proxyID in IKE Phase2 is from any
> RFC? If yes, which one is it?

The phrase "proxy ID" isn't explicitly used in the various IPsec
related RFCs. However, it was used by members of the IPsec
mailing list and in various drafts of what became IPsec RFCs. For
example, the following section is taken from
draft-ietf-ipsec-isakmp-oakley-05.txt, section 5.6 titled "Phase 2-
Quick Mode" :-

    If ISAKMP is acting as a proxy negotiator on behalf of another party
    the identities of the parties MUST be passed as IDui and then IDur.
    Local policy will dictate whether the proposals are acceptible for
    the identities specified.

...

    The proxy identities are used to identify and direct traffic
    to the appropriate tunnel in cases where multiple tunnels exist
    between two peers and also to allow for unique and shared SAs with
    different granularities. Local policy will determine whether packets
    which do not match the proxy information on which a tunnel was created
    will be forwarded upon leaving the tunnel.

The language changed considerably by the time RFC 2408 and 2409 were
created and the above sections do not appear. The main references to
"proxy" left are in RFC 2408 section 4.1 :-

    IDx is the identity payload for "x". x can be: "ii" or "ir"
    for the ISAKMP initiator and responder, respectively, or x can
    be: "ui", "ur" (when the ISAKMP daemon is a proxy negotiator),
    for the user initiator and responder, respectively.

and RFC 2409 section 7.2 :-

    The following payloads are exchanged in the first round of Quick Mode
    with ISAKMP SA negotiation. In this hypothetical exchange, the ISAKMP
    negotiators are proxies for other parties which have requested
    authentication.
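
Added example, not part of the original post and not taken from any RFC or vendor implementation: a small model of the draft paragraph quoted above, where proxy identities direct outbound traffic to one of several tunnels between the same two peers and local policy decides whether a decapsulated packet outside those identities is accepted. All names, addresses and the "most specific match wins" rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ProxyID:
    """Proxy identities of one Phase 2 SA (hypothetical model, not an IKE stack)."""
    name: str
    idui: ipaddress.IPv4Network  # identity on the initiator (local) side
    idur: ipaddress.IPv4Network  # identity on the responder (remote) side
    proto: int = 0               # 0 = any IP protocol
    port: int = 0                # 0 = any port; otherwise the IDur-side port

    def matches(self, local, remote, proto, port):
        return (ipaddress.ip_address(local) in self.idui
                and ipaddress.ip_address(remote) in self.idur
                and self.proto in (0, proto)
                and self.port in (0, port))

    def specificity(self):
        # Assumed tie-break: longer prefixes, then a pinned protocol and port, win.
        return (self.idui.prefixlen + self.idur.prefixlen,
                self.proto != 0, self.port != 0)

# Constructed sample: two tunnels to the same peer with different granularity.
TUNNELS = [
    ProxyID("lan-to-lan", ipaddress.ip_network("10.1.0.0/16"),
            ipaddress.ip_network("10.2.0.0/16")),
    ProxyID("db-only", ipaddress.ip_network("10.1.5.0/24"),
            ipaddress.ip_network("10.2.9.10/32"), proto=6, port=5432),
]

def select_tunnel(src, dst, proto, port, tunnels=TUNNELS):
    """Outbound: pick the most specific SA whose proxy IDs cover the packet."""
    hits = [t for t in tunnels if t.matches(src, dst, proto, port)]
    return max(hits, key=ProxyID.specificity).name if hits else None

def accept_decapsulated(tunnel_name, src, dst, proto, port,
                        strict=True, tunnels=TUNNELS):
    """Inbound: a packet leaving the tunnel has src on the remote side and
    dst on the local side. strict=True models a local policy that drops
    packets not matching the proxy IDs the tunnel was created with."""
    sa = next(t for t in tunnels if t.name == tunnel_name)
    return sa.matches(dst, src, proto, port) or not strict
```

With strict checking, a peer cannot use the narrow "db-only" tunnel to deliver traffic from addresses outside the identities negotiated for it.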

Posted by on March 26, 2006, 10:41 pm
Hi,
Thanks a lot.
Regards,
Prashant

