ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaja_5.4.0.1/rzajaimplicitike.htm

49 lines
3.5 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Implicit IKE" />
<meta name="abstract" content="In order for IKE negotiations to occur for your VPN, you need to allow UDP datagrams over port 500 for this type of IP traffic. However, if there are no filter rules on the system specifically written to permit IKE traffic, then the system will implicitly allow IKE traffic to flow." />
<meta name="description" content="In order for IKE negotiations to occur for your VPN, you need to allow UDP datagrams over port 500 for this type of IP traffic. However, if there are no filter rules on the system specifically written to permit IKE traffic, then the system will implicitly allow IKE traffic to flow." />
<meta name="DC.Relation" scheme="URI" content="rzajavpnwfilter.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajaimplicitike" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Implicit IKE</title>
</head>
<body id="rzajaimplicitike"><a name="rzajaimplicitike"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Implicit IKE</h1>
<div><p>In order for IKE negotiations to occur for your VPN, you need to
allow UDP datagrams over port 500 for this type of IP traffic. However, if
there are no filter rules on the system specifically written to permit IKE
traffic, then the system will implicitly allow IKE traffic to flow.</p>
<p>To establish a connection, most VPNs require Internet Key Exchange (IKE)
negotiations to occur before IPSec processing can happen. IKE uses the well-known
port 500, so for IKE to work properly, you need to allow UDP datagrams over
port 500 for this type of IP traffic. If there are no filter rules on the
system specifically written to permit IKE traffic, then IKE traffic is implicitly
allowed. However, rules written specifically for UDP port 500 traffic are
handled based on what is defined in the active filter rules.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajavpnwfilter.htm" title="IP filtering and VPN are closely related. In fact, most VPN connections require filter rules to work properly. This topic provides you information about what filters VPN requires, as well as other filtering concepts related to VPN.">VPN and IP filtering</a></div>
</div>
</div>
</body>
</html>