From owner-freebsd-net  Tue Aug  6 18:49:51 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B62EC37B400
	for <net@FreeBSD.ORG>; Tue,  6 Aug 2002 18:49:47 -0700 (PDT)
Received: from bastion.internal.lustygrapes.net (dhcp065-024-083-096.columbus.rr.com [65.24.83.96])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0A37F43E77
	for <net@FreeBSD.ORG>; Tue,  6 Aug 2002 18:49:47 -0700 (PDT)
	(envelope-from brianmcd@columbus.rr.com)
Received: from nivomede.internal.lustygrapes.net (nivomede.internal.lustygrapes.net [192.168.10.65])
	by bastion.internal.lustygrapes.net (Postfix) with ESMTP
	id 8FA5A5A1B; Tue,  6 Aug 2002 21:49:43 -0400 (EDT)
Subject: Re: racoon and transport mode...
From: Brian McDonald <brianmcd@columbus.rr.com>
To: Julian Elischer <julian@elischer.org>
Cc: net@FreeBSD.ORG
In-Reply-To:
	<Pine.BSF.4.21.0208061820330.65715-100000@InterJet.elischer.org>
References: <Pine.BSF.4.21.0208061820330.65715-100000@InterJet.elischer.org>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 06 Aug 2002 21:49:42 -0400
Message-Id: <1028684984.73196.17.camel@nivomede.internal.lustygrapes.net>
Mime-Version: 1.0
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

IKE works over UDP port 500, using it's own crypto for authentication of
the remote peer.  Once they've decided they like each other, they can
exchange a key and use the kernel interfaces to install it in the IPSEC
stack and allow ESP or AH traffic.

Brian

On Tue, 2002-08-06 at 21:27, Julian Elischer wrote:
> 
> I am probably confused here but is it 
> possible to use IKE via racoon on a tranport mode ipsec
> connection?
> 
> 
> how does racoon communicate across the transport connection 
> to set the key if there is no key to start with..?
> 
> (seems like a catch 22, and I certainly can't make it work here..)
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
-- 
Brian McDonald
CCNA(tm) Certified
Tandemedia, Inc.
http://www.tandemedia.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message