<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Implicit IKE" />
<meta name="abstract" content="In order for IKE negotiations to occur for your VPN, you need to allow UDP datagrams over port 500 for this type of IP traffic. However, if there are no filter rules on the system specifically written to permit IKE traffic, then the system will implicitly allow IKE traffic to flow." />
<meta name="description" content="In order for IKE negotiations to occur for your VPN, you need to allow UDP datagrams over port 500 for this type of IP traffic. However, if there are no filter rules on the system specifically written to permit IKE traffic, then the system will implicitly allow IKE traffic to flow." />
<meta name="DC.Relation" scheme="URI" content="rzajavpnwfilter.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajaimplicitike" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Implicit IKE</title>
</head>
<body id="rzajaimplicitike"><a name="rzajaimplicitike"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Implicit IKE</h1>
<div><p>In order for IKE negotiations to occur for your VPN, you need to
allow UDP datagrams over port 500 for this type of IP traffic. However, if
there are no filter rules on the system specifically written to permit IKE
traffic, then the system will implicitly allow IKE traffic to flow.</p>
<p>To establish a connection, most VPNs require Internet Key Exchange (IKE)
negotiations to occur before IPSec processing can happen. IKE uses the well-known
port 500, so for IKE to work properly, you need to allow UDP datagrams over
port 500 for this type of IP traffic. If there are no filter rules on the
system specifically written to permit IKE traffic, then IKE traffic is implicitly
allowed. However, rules written specifically for UDP port 500 traffic are
handled based on what is defined in the active filter rules.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajavpnwfilter.htm" title="IP filtering and VPN are closely related. In fact, most VPN connections require filter rules to work properly. This topic provides you information about what filters VPN requires, as well as other filtering concepts related to VPN.">VPN and IP filtering</a></div>
</div>
</div>
</body>
</html>