[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BEHAVE] Re: CPE equipments and stateful filters

To: IPv6 Operations <v6ops@ops.ietf.org>, Behave WG <behave@ietf.org>
Subject: Re: [BEHAVE] Re: CPE equipments and stateful filters
From: james woodyatt <jhw@apple.com>
Date: Tue, 31 Jul 2007 10:19:52 -0700
In-reply-to: <05b401c7d33e$10360fc0$c5f0200a@amer.cisco.com>
References: <05b401c7d33e$10360fc0$c5f0200a@amer.cisco.com>

On Jul 30, 2007, at 23:43, Dan Wing wrote:

...or the server would need to tell its firewall to permitunsolicited incoming traffic.

It would be more accurate to describe that method like this: theserver would need to solicit the firewall to permit 1) inbound IKEinitiations from arbitrary remote addresses, and 2) IPsec ESP/AHflows for negotiated security associations. Neither of these twoforms of traffic could reasonably be described as "unsolicited" inthis case.



--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- RE: [BEHAVE] Re: CPE equipments and stateful filters
  - From: "Dan Wing" <dwing@cisco.com>

References:
- RE: [BEHAVE] Re: CPE equipments and stateful filters
  - From: "Dan Wing" <dwing@cisco.com>

Prev by Date: Re: Distributing site-wide RFC 3484 policy
Next by Date: RE: [BEHAVE] Re: CPE equipments and stateful filters
Previous by thread: Re: [BEHAVE] Re: CPE equipments and stateful filters
Next by thread: RE: [BEHAVE] Re: CPE equipments and stateful filters
Index(es):
- Date
- Thread