17
IPsec concepts
Figure 60
datagram.
FIGURE 60
IPsec header options
IPsec adds headers to an IP datagram to enable authentication and privacy. There are two options:
•
•
Authentication Header
AH can be used to authenticate a data stream, but does not provide encryption needed for privacy.
The AH contains a message authentication code (MAC). The MAC is created by a hash algorithm
calculation. The MAC is transmitted in an IP datagram. The same hash algorithm is then used by
the receiver to verify the integrity of the packet. AH can be used in either transport mode or tunnel
mode, as shown in
FIGURE 61
230
DRAFT: BROCADE CONFIDENTIAL
provides a basic visual comparison of how transport mode and tunnel mode modify an IP
Transport mode and tunnel mode comparison
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Figure
61.
AH header in transport mode and tunnel mode
Web Tools Administrator's Guide
53-1001772-01