1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

Ipsec Protocols (Esp/Ah); The Ah Protocol; The Esp Protocol - D-Link NetDefend DFL-210 User Manual

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

9.3.4. IPsec Protocols (ESP/AH)

roaming clients. Instead, should a client be compromised, the client's certificate can simply be
revoked. No need to reconfigure every client.
Certificate Disadvantages
Added complexity. Certificate-based authentication may be used as part of a larger public key
infrastructure, making all VPN clients and firewalls dependent on third parties. In other words, there
are more things that have to be configured, and there are more things that can go wrong.
9.3.4. IPsec Protocols (ESP/AH)
The IPsec protocols are the protocols used to protect the actual traffic being passed through the
VPN. The actual protocols used and the keys used with those protocols are negotiated by IKE.
There are two protocols associated with IPsec, AH and ESP. These are covered in the sections
below.
AH (Authentication Header)
AH is a protocol used for authenticating a data stream.
Figure 9.1. The AH protocol
AH uses a cryptographic hash function to produce a MAC from the data in the IP packet. This MAC
is then transmitted with the packet, allowing the remote gateway to verify the integrity of the
original IP packet, making sure the data has not been tampered with on its way through the Internet.
Apart from the IP packet data, AH also authenticates parts of the IP header.
The AH protocol inserts an AH header after the original IP header, and in tunnel mode, the AH
header is inserted after the outer header, but before the original, inner, IP header.
ESP (Encapsulating Security Payload)
The ESP protocol inserts an ESP header after the original IP header, in tunnel mode, the ESP header
is inserted after the outer header, but before the original, inner, IP header.
All data after the ESP header is encrypted and/or authenticated. The difference from AH is that ESP
also provides encryption of the IP packet. The authentication phase also differs in that ESP only
authenticates the data after the ESP header; thus the outer IP header is left unprotected.
The ESP protocol is used for both encryption and authentication of the IP packet. It can also be used
to do either encryption only, or authentication only.
Figure 9.2. The ESP protocol
247
Chapter 9. VPN

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Content for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Netdefend dfl-2500Dfl-1600Netdefend dfl-860Netdefend dfl-260Netdefend dfl-800 ... Show all

Table of Contents