07-20-2021 09:14 PM
I am reading the book "Demystifying the IPsec Puzzle" and found the following statement about the ESP protocol confusing.
". Encrypt the message, if encryption is mandated by the SA. The packet data, padding, pad length, and Next Header fields will be encrypted, along with the tunnel header for a Tunnel Mode SA. The mandatory encryption algorithms for IPsec ESP are DES-CBC and the null encryption algorithm. The latter does not provide encryption protection. Because an ESP header must provide confidentiality, authentication, or both, when the null encryption algorithm is used for encryption, the null authentication algorithm must not be used for authentication"
How can it be along with the tunnel header? (As I think, in tunnel mode the new IP header is not encrypted.) Please help me to understand this concept. Thank you very much for your valuable time.
Thanks,
Manoj
07-20-2021 11:56 PM
You are absolutely right that the outer header is not encrypted. I assume that it is just a typo and should read "along with the tunneled header ...". Then it would be correct as the original header is encrypted.
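Added example, not part of the original thread or the book: a small Python sketch of ESP tunnel-mode encapsulation that reports which byte ranges of the resulting packet are in the clear, authenticated and encrypted. The function names, keys, IV and addresses are constructed for illustration, and the cipher is a simple stand-in keystream rather than DES-CBC; only the layout is the point.

```python
import hashlib, hmac, struct

BLOCK = 8                       # pad to 8 bytes, the DES-CBC block size
ENC_KEY, AUTH_KEY, IV = b"constructed-enc", b"constructed-auth", bytes(range(8))  # sample values

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def stand_in_cipher(key, iv, data):
    """XOR with a SHA-256 keystream: a stand-in for the SA's cipher, not DES-CBC."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + struct.pack("!I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_tunnel_encapsulate(inner_packet, spi, seq, gw_src, gw_dst):
    """Wrap a whole inner IP packet in ESP tunnel mode; return packet and byte ranges."""
    # ESP trailer: padding 1,2,3,..., Pad Length, Next Header (4 = IPv4-in-IP)
    pad_len = -(len(inner_packet) + 2) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])
    # Encrypted: the tunneled (inner) header + data + trailer
    ciphertext = stand_in_cipher(ENC_KEY, IV, inner_packet + trailer)
    esp = struct.pack("!II", spi, seq) + IV + ciphertext
    # ICV (HMAC-SHA-1-96) covers SPI through Next Header, not the outer header
    icv = hmac.new(AUTH_KEY, esp, hashlib.sha1).digest()[:12]
    outer = ipv4_header(gw_src, gw_dst, 50, len(esp) + len(icv))  # protocol 50 = ESP
    enc_start = len(outer) + 8 + len(IV)
    regions = {"outer_header_clear": (0, len(outer)),
               "authenticated": (len(outer), len(outer) + len(esp)),
               "encrypted": (enc_start, enc_start + len(ciphertext))}
    return outer + esp + icv, regions

def demo():
    """Constructed sample: host 10.0.0.5 -> 10.0.1.9 via gateways 192.0.2.1 -> 198.51.100.1."""
    data = b"hello-tunnel"
    inner = ipv4_header([10, 0, 0, 5], [10, 0, 1, 9], 17, len(data)) + data
    packet, regions = esp_tunnel_encapsulate(inner, 0x1000, 1, [192, 0, 2, 1], [198, 51, 100, 1])
    return inner, packet, regions

if __name__ == "__main__":
    inner, packet, regions = demo()
    for name, (start, end) in regions.items():
        print(f"{name:20s} bytes {start:3d}-{end - 1:3d}")
    print("inner header visible in clear:", inner[:20] in packet)
```

The gateway-to-gateway outer header sits outside both the encrypted and the authenticated range, while the original (tunneled) header falls inside the encrypted range together with the data, padding, pad length and Next Header.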
07-21-2021 01:14 AM
Thank you very much for the clarification.
Manoj