cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
266
Views
0
Helpful
2
Replies
Ariyarathna
Beginner

IP Sec ESP Encryption

I am reading "demystifying the ipsec puzzle" book and  found following fact is confusing related to the ESP protocol.

 

". Encrypt the message, if encryption is mandated by the SA. The
packet data, padding, pad length, and Next Header fields will be
encrypted, along with the tunnel header for a Tunnel Mode SA.
The mandatory encryption algorithms for IPsec ESP are DES-CBC
and the null encryption algorithm. The latter does not provide
encryption protection. Because an ESP header must provide confidentiality, authentication, or both, when the null encryption algorithm is used for encryption, the null authentication algorithm
must not be used for authentication"

 

How it can be along with the tunnel header ? (As I think in tunnel mode new IP header is not encrypted) .Please help me to understand this concept. Thank you very much for your valuable time. 

 

Thanks,

Manoj

1 ACCEPTED SOLUTION

Accepted Solutions
Karsten Iwen
VIP Mentor

You are absolutely right that the outer header is not encrypted. I assume that it is just a typo and should read "along with the tunneled header ...". Then it would be correct as the original header is encrypted.

View solution in original post

2 REPLIES 2
Karsten Iwen
VIP Mentor

You are absolutely right that the outer header is not encrypted. I assume that it is just a typo and should read "along with the tunneled header ...". Then it would be correct as the original header is encrypted.

View solution in original post

 

Thank you very much for the clarification.

 

Manoj