Solved: Ikev1 Using AH in IPSEC VPN configuration on ASA or Router questions

CiscoPurpleBelt · ‎03-09-2019

Which protocol suits or configs must you enter to build a IPSEC tunnel on ASA and use AH along with ESP? I understand you can use AH in conjunction with ESP but I don't know how you actually configure that or confirm it is being used on a IPSEC tunnel on a ASA or router.

Rob Ingram · ‎03-09-2019

AH and ESP are both used to encapsulate the traffic, you can either use AH or ESP but not both at the sametime. It's highly unlikely you would want to use AH (Authenticated Header) it's not as secure as ESP (Encapsulated Security Payload). AH only authenticates the header, where as ESP authenticates the header and encrypts the data.

An easy way to determine which is in use on an active tunnel is to use the command "show crypto ipsec sa" you will then be able to determine whether you have AH or ESP SAs.

HTH

View solution in original post

balaji.bandi · ‎03-09-2019

i would strongly suggest to understand each one of them before you implementing..good old school document :

http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎03-09-2019

AH and ESP are both used to encapsulate the traffic, you can either use AH or ESP but not both at the sametime. It's highly unlikely you would want to use AH (Authenticated Header) it's not as secure as ESP (Encapsulated Security Payload). AH only authenticates the header, where as ESP authenticates the header and encrypts the data.

An easy way to determine which is in use on an active tunnel is to use the command "show crypto ipsec sa" you will then be able to determine whether you have AH or ESP SAs.

HTH