07-20-2021 09:14 PM
I am reading the book "Demystifying the IPsec Puzzle" and found the following statement about the ESP protocol confusing.
"Encrypt the message, if encryption is mandated by the SA. The packet data, padding, pad length, and Next Header fields will be encrypted, along with the tunnel header for a Tunnel Mode SA. The mandatory encryption algorithms for IPsec ESP are DES-CBC and the null encryption algorithm. The latter does not provide encryption protection. Because an ESP header must provide confidentiality, authentication, or both, when the null encryption algorithm is used for encryption, the null authentication algorithm must not be used for authentication"
How can it be along with the tunnel header? (I think that in tunnel mode the new IP header is not encrypted.) Please help me to understand this concept. Thank you very much for your valuable time.
Thanks,
Manoj
07-20-2021 11:56 PM
You are absolutely right that the outer header is not encrypted. I assume that it is just a typo and should read "along with the tunneled header ...". Then it would be correct as the original header is encrypted.
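The byte layout the answer describes, as an added example that is not part of the original posts: it maps an ESP tunnel-mode packet into regions and marks which ones the cipher and the integrity check cover. The addresses, the payload, the 8-byte block and IV (as for the DES-CBC mentioned in the quote) and the 12-byte ICV are constructed assumptions.

```python
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0; this is a layout demo)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, addr(src), addr(dst))

# Constructed inner (tunneled) packet: private addresses, UDP (17), 13-byte payload.
SAMPLE_INNER = ipv4_header("10.0.0.5", "10.0.1.9", 17, 13) + b"constructed!!"

def esp_tunnel_layout(inner_packet, block=8, iv_len=8, icv_len=12):
    """Return (name, offset, length, encrypted, authenticated) per region."""
    # Inner packet + padding + Pad Length + Next Header must fill whole cipher blocks.
    pad_len = (-(len(inner_packet) + 2)) % block
    inner_hdr_len = (inner_packet[0] & 0x0F) * 4
    esp_len = 8 + iv_len + len(inner_packet) + pad_len + 2 + icv_len
    # New outer header between the tunnel endpoints; protocol 50 = ESP.
    outer = ipv4_header("198.51.100.1", "203.0.113.1", 50, esp_len)
    sizes = [
        ("outer IP header", len(outer), False, False),   # cleartext, not covered by ESP
        ("ESP header (SPI, sequence number)", 8, False, True),
        ("IV", iv_len, False, True),
        ("inner (tunneled) IP header", inner_hdr_len, True, True),
        ("inner payload", len(inner_packet) - inner_hdr_len, True, True),
        ("padding", pad_len, True, True),
        ("Pad Length", 1, True, True),
        ("Next Header (4 = IPv4)", 1, True, True),
        ("ICV", icv_len, False, False),                   # the integrity value itself
    ]
    regions, offset = [], 0
    for name, length, enc, auth in sizes:
        regions.append((name, offset, length, enc, auth))
        offset += length
    return regions

if __name__ == "__main__":
    for name, off, length, enc, auth in esp_tunnel_layout(SAMPLE_INNER):
        print(f"{off:3d} +{length:2d}  enc={enc!s:5}  auth={auth!s:5}  {name}")
```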
07-21-2021 01:14 AM
Thank you very much for the clarification.
Manoj