IPsec : Why do you combine ESP & AH ?
Rens-
Member Posts: 8 ■□□□□□□□□□
Hi there,
AH ensures authentication & integrity. ESP ensures the same with encryption.
In this case, why do you mix ESP & AH if ESP does the same than AH ?
Thanks in advance,
AH ensures authentication & integrity. ESP ensures the same with encryption.
In this case, why do you mix ESP & AH if ESP does the same than AH ?
Thanks in advance,
Comments
-
spd3432
Member Posts: 224
-- TrueAH ensures authentication & integrity.
-- FalseESP ensures the same with encryption.
ESP can ensure the authentication and integrity but alone only encrypts the IP data packet ensuring confidentiality.----CCNP goal----
Route [ ] Studying
Switch [ ] Next
Tshoot [ ] Eventually -
Rens-
Member Posts: 8 ■□□□□□□□□□
Hi spd3432 !
Thank you for your quick reply.ESP can ensure the authentication and integrity but alone only encrypts the IP data packet ensuring confidentiality.
Ok but what can be the advantage to mix AH & ESP ? AH authentication & integrity "method" is better than ESP ? -
QHalo
Member Posts: 1,488
cyberguypr gave you the answer more or less. AH doesn't have the ability to provide confidentiality. So when the packet is encapsulated, it looks like this.
([AH]{ESP header}|data|{ESP Trailer}{ESP Auth}) = Packet
There's more in there but that's the basic gist of it.
http://www.tcpipguide.com/free/t_IPSecAuthenticationHeaderAH.htm
This should help you.
