07-20-2021 09:14 PM
I am reading the book "Demystifying the IPsec Puzzle" and found the following statement about the ESP protocol confusing.
"Encrypt the message, if encryption is mandated by the SA. The packet data, padding, pad length, and Next Header fields will be encrypted, along with the tunnel header for a Tunnel Mode SA. The mandatory encryption algorithms for IPsec ESP are DES-CBC and the null encryption algorithm. The latter does not provide encryption protection. Because an ESP header must provide confidentiality, authentication, or both, when the null encryption algorithm is used for encryption, the null authentication algorithm must not be used for authentication"
How can it be "along with the tunnel header"? (I think that in tunnel mode the new IP header is not encrypted.) Please help me to understand this concept. Thank you very much for your valuable time.
Thanks,
Manoj
Accepted Solutions
07-20-2021 11:56 PM
You are absolutely right that the outer header is not encrypted. I assume that it is just a typo and should read "along with the tunneled header ...". Then it would be correct as the original header is encrypted.
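The layout the answer describes, as an added example that is not part of the original thread: it lists the regions of an IPv4 ESP packet in wire order (per RFC 4303) and marks which ones the cipher and the ICV cover, so the outer and inner headers can be compared. The function name `esp_layout` and the default sizes (AES-CBC block and IV, 96-bit ICV, 20-byte IPv4 headers) are assumptions chosen for illustration; no real encryption is performed.

```python
# Added illustration: region layout of an ESP packet per RFC 4303 (no real crypto).
from dataclasses import dataclass
from math import lcm

@dataclass
class Region:
    name: str
    length: int
    encrypted: bool      # covered by the ESP cipher
    authenticated: bool  # covered by the ESP ICV

def esp_layout(mode, payload_len, block=16, iv_len=16, icv_len=12, ip_hdr_len=20):
    """Return the regions of an IPv4 ESP packet in wire order.

    mode is "tunnel" or "transport". The sizes are constructed defaults,
    not values taken from the thread or the book.
    """
    if mode not in ("tunnel", "transport"):
        raise ValueError("mode must be 'tunnel' or 'transport'")
    tunnel = mode == "tunnel"
    # The first IP header is always cleartext and outside the ICV:
    # routers need it, and some of its fields change in transit.
    first = "outer (new) IP header" if tunnel else "original IP header"
    regions = [
        Region(first, ip_hdr_len, False, False),
        Region("ESP header (SPI + sequence number)", 8, False, True),
        Region("IV", iv_len, False, True),
    ]
    inner = payload_len
    if tunnel:
        # The tunneled (original) header travels as ESP payload, so it is encrypted.
        regions.append(Region("inner (original) IP header", ip_hdr_len, True, True))
        inner += ip_hdr_len
    regions.append(Region("payload data", payload_len, True, True))
    # Padding makes data + padding + 2 trailer bytes a multiple of the
    # cipher block size and of 4 bytes.
    pad = -(inner + 2) % lcm(block, 4)
    regions.append(Region("padding", pad, True, True))
    regions.append(Region("pad length + next header", 2, True, True))
    regions.append(Region("ICV", icv_len, False, False))
    return regions

def encrypted_names(regions):
    """Names of the regions covered by the cipher."""
    return [r.name for r in regions if r.encrypted]

if __name__ == "__main__":
    for r in esp_layout("tunnel", payload_len=100):  # constructed 100-byte payload
        print(f"{r.name:36} {r.length:4}  enc={r.encrypted!s:5} auth={r.authenticated}")
```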
07-21-2021 01:14 AM
Thank you very much for the clarification.
Manoj
