Authentication Header (AH); IKE Security Association - NETGEAR FVS318 - ProSafe VPN Firewall Router Reference Manual


Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall
The ESP header is inserted into the packet between the IP header and any subsequent packet
contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt
the ESP header, nor does it encrypt the ESP authentication.

Authentication Header (AH)

AH provides authentication and integrity, which protect against data tampering, using the same
algorithms as ESP. AH also provides optional anti-replay protection, which protects against
unauthorized retransmission of packets. The authentication header is inserted into the packet
between the IP header and any subsequent packet contents. The payload is not touched.

Although AH protects the packet's origin, destination, and contents from being tampered with, the
identity of the sender and receiver is known. In addition, AH does not protect the data's
confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP
protects data confidentiality. For added protection in certain cases, AH and ESP can be used
together. In the following table, IP HDR represents the IP header and includes both source and
destination IP addresses.

Figure D-2: Original packet and packet with IPSec Authentication Header
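
The following Python sketch is an added example, not part of the NETGEAR manual or the FVS318 firmware. It builds a transport-mode AH packet and shows the properties described above: the payload stays readable, while changes to the addresses or contents, and replayed packets, are rejected. It assumes HMAC-SHA1-96 as the integrity algorithm and simplifies anti-replay to a last-seen counter (real implementations use a sliding window); the key, SPI, addresses and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51                    # IP protocol number assigned to AH
IP_FMT = "!BBHHHBBH4s4s"         # 20-byte IPv4 header without options

def ip_header(src, dst, proto, total_len, ttl=64):
    # Minimal IPv4 header; checksum is left at 0 because AH ignores it anyway.
    return struct.pack(IP_FMT, 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def _icv(key, ip_hdr, ah_zero_icv, payload):
    # Mutable IPv4 fields (TOS, flags/fragment offset, TTL, checksum) are
    # zeroed before the MAC so routers can change them without breaking it.
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    data = struct.pack(IP_FMT, *f) + ah_zero_icv + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]   # truncated to 96 bits

def ah_wrap(key, spi, seq, src, dst, inner_proto, payload):
    # AH fields: next header, length (32-bit words minus 2), reserved,
    # SPI, sequence number, then the 12-byte ICV (zero while computing it).
    ah = struct.pack("!BBHII", inner_proto, 4, 0, spi, seq) + bytes(12)
    ip = ip_header(src, dst, AH_PROTO, 20 + len(ah) + len(payload))
    return ip + ah[:12] + _icv(key, ip, ah, payload) + payload

def ah_verify(key, packet, last_seq):
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    seq = struct.unpack("!I", ah[8:12])[0]
    if seq <= last_seq:
        return False             # simplified anti-replay: already-seen number
    expected = _icv(key, ip, ah[:12] + bytes(12), payload)
    return hmac.compare_digest(expected, ah[12:24])

if __name__ == "__main__":
    key = b"constructed-demo-key"                     # constructed sample key
    pkt = ah_wrap(key, 0x1001, 1, "192.0.2.10", "198.51.100.20", 17,
                  b"payload stays readable")
    print("payload on the wire:", pkt[44:])           # cleartext: no confidentiality
    print("verifies:", ah_verify(key, pkt, 0))
    forged = bytearray(pkt); forged[12] ^= 0x01       # alter the source address
    print("forged source verifies:", ah_verify(key, bytes(forged), 0))
    print("replay verifies:", ah_verify(key, pkt, 1))
```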

IKE Security Association

IPSec introduces the concept of the Security Association (SA). An SA is a logical connection
between two devices transferring data. An SA provides data protection for unidirectional traffic by
using the defined IPSec protocols. An IPSec tunnel typically consists of two unidirectional SAs,
which together provide a protected, full-duplex data channel.

The SAs allow an enterprise to control exactly what resources may communicate securely,
according to security policy. To do this, an enterprise can set up multiple SAs to enable multiple
secure VPNs, as well as define SAs within the VPN to support different departments and business
partners.
D-4
Virtual Private Networking
M-10146-01
